1 /* 2 * Copyright © 2008-2015 Intel Corporation 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining a 5 * copy of this software and associated documentation files (the "Software"), 6 * to deal in the Software without restriction, including without limitation 7 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 * and/or sell copies of the Software, and to permit persons to whom the 9 * Software is furnished to do so, subject to the following conditions: 10 * 11 * The above copyright notice and this permission notice (including the next 12 * paragraph) shall be included in all copies or substantial portions of the 13 * Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 18 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 21 * IN THE SOFTWARE. 22 * 23 * Authors: 24 * Eric Anholt <eric@anholt.net> 25 * 26 */ 27 28 #include <drm/drmP.h> 29 #include <drm/drm_vma_manager.h> 30 #include <drm/i915_drm.h> 31 #include "i915_drv.h" 32 #include "i915_gem_clflush.h" 33 #include "i915_vgpu.h" 34 #include "i915_trace.h" 35 #include "intel_drv.h" 36 #include "intel_frontbuffer.h" 37 #include "intel_mocs.h" 38 #include <linux/dma-fence-array.h> 39 #include <linux/kthread.h> 40 #include <linux/reservation.h> 41 #include <linux/shmem_fs.h> 42 #include <linux/slab.h> 43 #include <linux/stop_machine.h> 44 #include <linux/swap.h> 45 #include <linux/pci.h> 46 #include <linux/dma-buf.h> 47 48 static void i915_gem_flush_free_objects(struct drm_i915_private *i915); 49 static void i915_gem_object_flush_gtt_write_domain(struct drm_i915_gem_object *obj); 50 static void i915_gem_object_flush_cpu_write_domain(struct drm_i915_gem_object *obj); 51 52 static bool cpu_write_needs_clflush(struct drm_i915_gem_object *obj) 53 { 54 if (obj->base.write_domain == I915_GEM_DOMAIN_CPU) 55 return false; 56 57 if (!i915_gem_object_is_coherent(obj)) 58 return true; 59 60 return obj->pin_display; 61 } 62 63 static int 64 insert_mappable_node(struct i915_ggtt *ggtt, 65 struct drm_mm_node *node, u32 size) 66 { 67 memset(node, 0, sizeof(*node)); 68 return drm_mm_insert_node_in_range(&ggtt->base.mm, node, 69 size, 0, I915_COLOR_UNEVICTABLE, 70 0, ggtt->mappable_end, 71 DRM_MM_INSERT_LOW); 72 } 73 74 static void 75 remove_mappable_node(struct drm_mm_node *node) 76 { 77 drm_mm_remove_node(node); 78 } 79 80 /* some bookkeeping */ 81 static void i915_gem_info_add_obj(struct drm_i915_private *dev_priv, 82 u64 size) 83 { 84 spin_lock(&dev_priv->mm.object_stat_lock); 85 dev_priv->mm.object_count++; 86 dev_priv->mm.object_memory += size; 87 spin_unlock(&dev_priv->mm.object_stat_lock); 88 } 89 90 static void i915_gem_info_remove_obj(struct drm_i915_private *dev_priv, 91 u64 size) 92 { 93 spin_lock(&dev_priv->mm.object_stat_lock); 94 dev_priv->mm.object_count--; 95 dev_priv->mm.object_memory -= size; 96 spin_unlock(&dev_priv->mm.object_stat_lock); 97 } 98 99 static int 100 i915_gem_wait_for_error(struct i915_gpu_error *error) 101 { 102 int ret; 103 104 might_sleep(); 105 106 /* 107 * Only wait 10 seconds for the gpu reset to complete to avoid hanging 108 * userspace. If it takes that long something really bad is going on and 109 * we should simply try to bail out and fail as gracefully as possible. 110 */ 111 ret = wait_event_interruptible_timeout(error->reset_queue, 112 !i915_reset_backoff(error), 113 I915_RESET_TIMEOUT); 114 if (ret == 0) { 115 DRM_ERROR("Timed out waiting for the gpu reset to complete\n"); 116 return -EIO; 117 } else if (ret < 0) { 118 return ret; 119 } else { 120 return 0; 121 } 122 } 123 124 int i915_mutex_lock_interruptible(struct drm_device *dev) 125 { 126 struct drm_i915_private *dev_priv = to_i915(dev); 127 int ret; 128 129 ret = i915_gem_wait_for_error(&dev_priv->gpu_error); 130 if (ret) 131 return ret; 132 133 ret = mutex_lock_interruptible(&dev->struct_mutex); 134 if (ret) 135 return ret; 136 137 return 0; 138 } 139 140 int 141 i915_gem_get_aperture_ioctl(struct drm_device *dev, void *data, 142 struct drm_file *file) 143 { 144 struct drm_i915_private *dev_priv = to_i915(dev); 145 struct i915_ggtt *ggtt = &dev_priv->ggtt; 146 struct drm_i915_gem_get_aperture *args = data; 147 struct i915_vma *vma; 148 size_t pinned; 149 150 pinned = 0; 151 mutex_lock(&dev->struct_mutex); 152 list_for_each_entry(vma, &ggtt->base.active_list, vm_link) 153 if (i915_vma_is_pinned(vma)) 154 pinned += vma->node.size; 155 list_for_each_entry(vma, &ggtt->base.inactive_list, vm_link) 156 if (i915_vma_is_pinned(vma)) 157 pinned += vma->node.size; 158 mutex_unlock(&dev->struct_mutex); 159 160 args->aper_size = ggtt->base.total; 161 args->aper_available_size = args->aper_size - pinned; 162 163 return 0; 164 } 165 166 static struct sg_table * 167 i915_gem_object_get_pages_phys(struct drm_i915_gem_object *obj) 168 { 169 struct address_space *mapping = obj->base.filp->f_mapping; 170 drm_dma_handle_t *phys; 171 struct sg_table *st; 172 struct scatterlist *sg; 173 char *vaddr; 174 int i; 175 176 if (WARN_ON(i915_gem_object_needs_bit17_swizzle(obj))) 177 return ERR_PTR(-EINVAL); 178 179 /* Always aligning to the object size, allows a single allocation 180 * to handle all possible callers, and given typical object sizes, 181 * the alignment of the buddy allocation will naturally match. 182 */ 183 phys = drm_pci_alloc(obj->base.dev, 184 obj->base.size, 185 roundup_pow_of_two(obj->base.size)); 186 if (!phys) 187 return ERR_PTR(-ENOMEM); 188 189 vaddr = phys->vaddr; 190 for (i = 0; i < obj->base.size / PAGE_SIZE; i++) { 191 struct page *page; 192 char *src; 193 194 page = shmem_read_mapping_page(mapping, i); 195 if (IS_ERR(page)) { 196 st = ERR_CAST(page); 197 goto err_phys; 198 } 199 200 src = kmap_atomic(page); 201 memcpy(vaddr, src, PAGE_SIZE); 202 drm_clflush_virt_range(vaddr, PAGE_SIZE); 203 kunmap_atomic(src); 204 205 put_page(page); 206 vaddr += PAGE_SIZE; 207 } 208 209 i915_gem_chipset_flush(to_i915(obj->base.dev)); 210 211 st = kmalloc(sizeof(*st), GFP_KERNEL); 212 if (!st) { 213 st = ERR_PTR(-ENOMEM); 214 goto err_phys; 215 } 216 217 if (sg_alloc_table(st, 1, GFP_KERNEL)) { 218 kfree(st); 219 st = ERR_PTR(-ENOMEM); 220 goto err_phys; 221 } 222 223 sg = st->sgl; 224 sg->offset = 0; 225 sg->length = obj->base.size; 226 227 sg_dma_address(sg) = phys->busaddr; 228 sg_dma_len(sg) = obj->base.size; 229 230 obj->phys_handle = phys; 231 return st; 232 233 err_phys: 234 drm_pci_free(obj->base.dev, phys); 235 return st; 236 } 237 238 static void 239 __i915_gem_object_release_shmem(struct drm_i915_gem_object *obj, 240 struct sg_table *pages, 241 bool needs_clflush) 242 { 243 GEM_BUG_ON(obj->mm.madv == __I915_MADV_PURGED); 244 245 if (obj->mm.madv == I915_MADV_DONTNEED) 246 obj->mm.dirty = false; 247 248 if (needs_clflush && 249 (obj->base.read_domains & I915_GEM_DOMAIN_CPU) == 0 && 250 !i915_gem_object_is_coherent(obj)) 251 drm_clflush_sg(pages); 252 253 obj->base.read_domains = I915_GEM_DOMAIN_CPU; 254 obj->base.write_domain = I915_GEM_DOMAIN_CPU; 255 } 256 257 static void 258 i915_gem_object_put_pages_phys(struct drm_i915_gem_object *obj, 259 struct sg_table *pages) 260 { 261 __i915_gem_object_release_shmem(obj, pages, false); 262 263 if (obj->mm.dirty) { 264 struct address_space *mapping = obj->base.filp->f_mapping; 265 char *vaddr = obj->phys_handle->vaddr; 266 int i; 267 268 for (i = 0; i < obj->base.size / PAGE_SIZE; i++) { 269 struct page *page; 270 char *dst; 271 272 page = shmem_read_mapping_page(mapping, i); 273 if (IS_ERR(page)) 274 continue; 275 276 dst = kmap_atomic(page); 277 drm_clflush_virt_range(vaddr, PAGE_SIZE); 278 memcpy(dst, vaddr, PAGE_SIZE); 279 kunmap_atomic(dst); 280 281 set_page_dirty(page); 282 if (obj->mm.madv == I915_MADV_WILLNEED) 283 mark_page_accessed(page); 284 put_page(page); 285 vaddr += PAGE_SIZE; 286 } 287 obj->mm.dirty = false; 288 } 289 290 sg_free_table(pages); 291 kfree(pages); 292 293 drm_pci_free(obj->base.dev, obj->phys_handle); 294 } 295 296 static void 297 i915_gem_object_release_phys(struct drm_i915_gem_object *obj) 298 { 299 i915_gem_object_unpin_pages(obj); 300 } 301 302 static const struct drm_i915_gem_object_ops i915_gem_phys_ops = { 303 .get_pages = i915_gem_object_get_pages_phys, 304 .put_pages = i915_gem_object_put_pages_phys, 305 .release = i915_gem_object_release_phys, 306 }; 307 308 static const struct drm_i915_gem_object_ops i915_gem_object_ops; 309 310 int i915_gem_object_unbind(struct drm_i915_gem_object *obj) 311 { 312 struct i915_vma *vma; 313 LIST_HEAD(still_in_list); 314 int ret; 315 316 lockdep_assert_held(&obj->base.dev->struct_mutex); 317 318 /* Closed vma are removed from the obj->vma_list - but they may 319 * still have an active binding on the object. To remove those we 320 * must wait for all rendering to complete to the object (as unbinding 321 * must anyway), and retire the requests. 322 */ 323 ret = i915_gem_object_wait(obj, 324 I915_WAIT_INTERRUPTIBLE | 325 I915_WAIT_LOCKED | 326 I915_WAIT_ALL, 327 MAX_SCHEDULE_TIMEOUT, 328 NULL); 329 if (ret) 330 return ret; 331 332 i915_gem_retire_requests(to_i915(obj->base.dev)); 333 334 while ((vma = list_first_entry_or_null(&obj->vma_list, 335 struct i915_vma, 336 obj_link))) { 337 list_move_tail(&vma->obj_link, &still_in_list); 338 ret = i915_vma_unbind(vma); 339 if (ret) 340 break; 341 } 342 list_splice(&still_in_list, &obj->vma_list); 343 344 return ret; 345 } 346 347 static long 348 i915_gem_object_wait_fence(struct dma_fence *fence, 349 unsigned int flags, 350 long timeout, 351 struct intel_rps_client *rps) 352 { 353 struct drm_i915_gem_request *rq; 354 355 BUILD_BUG_ON(I915_WAIT_INTERRUPTIBLE != 0x1); 356 357 if (test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &fence->flags)) 358 return timeout; 359 360 if (!dma_fence_is_i915(fence)) 361 return dma_fence_wait_timeout(fence, 362 flags & I915_WAIT_INTERRUPTIBLE, 363 timeout); 364 365 rq = to_request(fence); 366 if (i915_gem_request_completed(rq)) 367 goto out; 368 369 /* This client is about to stall waiting for the GPU. In many cases 370 * this is undesirable and limits the throughput of the system, as 371 * many clients cannot continue processing user input/output whilst 372 * blocked. RPS autotuning may take tens of milliseconds to respond 373 * to the GPU load and thus incurs additional latency for the client. 374 * We can circumvent that by promoting the GPU frequency to maximum 375 * before we wait. This makes the GPU throttle up much more quickly 376 * (good for benchmarks and user experience, e.g. window animations), 377 * but at a cost of spending more power processing the workload 378 * (bad for battery). Not all clients even want their results 379 * immediately and for them we should just let the GPU select its own 380 * frequency to maximise efficiency. To prevent a single client from 381 * forcing the clocks too high for the whole system, we only allow 382 * each client to waitboost once in a busy period. 383 */ 384 if (rps) { 385 if (INTEL_GEN(rq->i915) >= 6) 386 gen6_rps_boost(rq->i915, rps, rq->emitted_jiffies); 387 else 388 rps = NULL; 389 } 390 391 timeout = i915_wait_request(rq, flags, timeout); 392 393 out: 394 if (flags & I915_WAIT_LOCKED && i915_gem_request_completed(rq)) 395 i915_gem_request_retire_upto(rq); 396 397 if (rps && i915_gem_request_global_seqno(rq) == intel_engine_last_submit(rq->engine)) { 398 /* The GPU is now idle and this client has stalled. 399 * Since no other client has submitted a request in the 400 * meantime, assume that this client is the only one 401 * supplying work to the GPU but is unable to keep that 402 * work supplied because it is waiting. Since the GPU is 403 * then never kept fully busy, RPS autoclocking will 404 * keep the clocks relatively low, causing further delays. 405 * Compensate by giving the synchronous client credit for 406 * a waitboost next time. 407 */ 408 spin_lock(&rq->i915->rps.client_lock); 409 list_del_init(&rps->link); 410 spin_unlock(&rq->i915->rps.client_lock); 411 } 412 413 return timeout; 414 } 415 416 static long 417 i915_gem_object_wait_reservation(struct reservation_object *resv, 418 unsigned int flags, 419 long timeout, 420 struct intel_rps_client *rps) 421 { 422 unsigned int seq = __read_seqcount_begin(&resv->seq); 423 struct dma_fence *excl; 424 bool prune_fences = false; 425 426 if (flags & I915_WAIT_ALL) { 427 struct dma_fence **shared; 428 unsigned int count, i; 429 int ret; 430 431 ret = reservation_object_get_fences_rcu(resv, 432 &excl, &count, &shared); 433 if (ret) 434 return ret; 435 436 for (i = 0; i < count; i++) { 437 timeout = i915_gem_object_wait_fence(shared[i], 438 flags, timeout, 439 rps); 440 if (timeout < 0) 441 break; 442 443 dma_fence_put(shared[i]); 444 } 445 446 for (; i < count; i++) 447 dma_fence_put(shared[i]); 448 kfree(shared); 449 450 prune_fences = count && timeout >= 0; 451 } else { 452 excl = reservation_object_get_excl_rcu(resv); 453 } 454 455 if (excl && timeout >= 0) { 456 timeout = i915_gem_object_wait_fence(excl, flags, timeout, rps); 457 prune_fences = timeout >= 0; 458 } 459 460 dma_fence_put(excl); 461 462 /* Oportunistically prune the fences iff we know they have *all* been 463 * signaled and that the reservation object has not been changed (i.e. 464 * no new fences have been added). 465 */ 466 if (prune_fences && !__read_seqcount_retry(&resv->seq, seq)) { 467 if (reservation_object_trylock(resv)) { 468 if (!__read_seqcount_retry(&resv->seq, seq)) 469 reservation_object_add_excl_fence(resv, NULL); 470 reservation_object_unlock(resv); 471 } 472 } 473 474 return timeout; 475 } 476 477 static void __fence_set_priority(struct dma_fence *fence, int prio) 478 { 479 struct drm_i915_gem_request *rq; 480 struct intel_engine_cs *engine; 481 482 if (!dma_fence_is_i915(fence)) 483 return; 484 485 rq = to_request(fence); 486 engine = rq->engine; 487 if (!engine->schedule) 488 return; 489 490 engine->schedule(rq, prio); 491 } 492 493 static void fence_set_priority(struct dma_fence *fence, int prio) 494 { 495 /* Recurse once into a fence-array */ 496 if (dma_fence_is_array(fence)) { 497 struct dma_fence_array *array = to_dma_fence_array(fence); 498 int i; 499 500 for (i = 0; i < array->num_fences; i++) 501 __fence_set_priority(array->fences[i], prio); 502 } else { 503 __fence_set_priority(fence, prio); 504 } 505 } 506 507 int 508 i915_gem_object_wait_priority(struct drm_i915_gem_object *obj, 509 unsigned int flags, 510 int prio) 511 { 512 struct dma_fence *excl; 513 514 if (flags & I915_WAIT_ALL) { 515 struct dma_fence **shared; 516 unsigned int count, i; 517 int ret; 518 519 ret = reservation_object_get_fences_rcu(obj->resv, 520 &excl, &count, &shared); 521 if (ret) 522 return ret; 523 524 for (i = 0; i < count; i++) { 525 fence_set_priority(shared[i], prio); 526 dma_fence_put(shared[i]); 527 } 528 529 kfree(shared); 530 } else { 531 excl = reservation_object_get_excl_rcu(obj->resv); 532 } 533 534 if (excl) { 535 fence_set_priority(excl, prio); 536 dma_fence_put(excl); 537 } 538 return 0; 539 } 540 541 /** 542 * Waits for rendering to the object to be completed 543 * @obj: i915 gem object 544 * @flags: how to wait (under a lock, for all rendering or just for writes etc) 545 * @timeout: how long to wait 546 * @rps: client (user process) to charge for any waitboosting 547 */ 548 int 549 i915_gem_object_wait(struct drm_i915_gem_object *obj, 550 unsigned int flags, 551 long timeout, 552 struct intel_rps_client *rps) 553 { 554 might_sleep(); 555 #if IS_ENABLED(CONFIG_LOCKDEP) 556 GEM_BUG_ON(debug_locks && 557 !!lockdep_is_held(&obj->base.dev->struct_mutex) != 558 !!(flags & I915_WAIT_LOCKED)); 559 #endif 560 GEM_BUG_ON(timeout < 0); 561 562 timeout = i915_gem_object_wait_reservation(obj->resv, 563 flags, timeout, 564 rps); 565 return timeout < 0 ? timeout : 0; 566 } 567 568 static struct intel_rps_client *to_rps_client(struct drm_file *file) 569 { 570 struct drm_i915_file_private *fpriv = file->driver_priv; 571 572 return &fpriv->rps; 573 } 574 575 int 576 i915_gem_object_attach_phys(struct drm_i915_gem_object *obj, 577 int align) 578 { 579 int ret; 580 581 if (align > obj->base.size) 582 return -EINVAL; 583 584 if (obj->ops == &i915_gem_phys_ops) 585 return 0; 586 587 if (obj->mm.madv != I915_MADV_WILLNEED) 588 return -EFAULT; 589 590 if (obj->base.filp == NULL) 591 return -EINVAL; 592 593 ret = i915_gem_object_unbind(obj); 594 if (ret) 595 return ret; 596 597 __i915_gem_object_put_pages(obj, I915_MM_NORMAL); 598 if (obj->mm.pages) 599 return -EBUSY; 600 601 GEM_BUG_ON(obj->ops != &i915_gem_object_ops); 602 obj->ops = &i915_gem_phys_ops; 603 604 ret = i915_gem_object_pin_pages(obj); 605 if (ret) 606 goto err_xfer; 607 608 return 0; 609 610 err_xfer: 611 obj->ops = &i915_gem_object_ops; 612 return ret; 613 } 614 615 static int 616 i915_gem_phys_pwrite(struct drm_i915_gem_object *obj, 617 struct drm_i915_gem_pwrite *args, 618 struct drm_file *file) 619 { 620 void *vaddr = obj->phys_handle->vaddr + args->offset; 621 char __user *user_data = u64_to_user_ptr(args->data_ptr); 622 623 /* We manually control the domain here and pretend that it 624 * remains coherent i.e. in the GTT domain, like shmem_pwrite. 625 */ 626 intel_fb_obj_invalidate(obj, ORIGIN_CPU); 627 if (copy_from_user(vaddr, user_data, args->size)) 628 return -EFAULT; 629 630 drm_clflush_virt_range(vaddr, args->size); 631 i915_gem_chipset_flush(to_i915(obj->base.dev)); 632 633 intel_fb_obj_flush(obj, ORIGIN_CPU); 634 return 0; 635 } 636 637 void *i915_gem_object_alloc(struct drm_i915_private *dev_priv) 638 { 639 return kmem_cache_zalloc(dev_priv->objects, GFP_KERNEL); 640 } 641 642 void i915_gem_object_free(struct drm_i915_gem_object *obj) 643 { 644 struct drm_i915_private *dev_priv = to_i915(obj->base.dev); 645 kmem_cache_free(dev_priv->objects, obj); 646 } 647 648 static int 649 i915_gem_create(struct drm_file *file, 650 struct drm_i915_private *dev_priv, 651 uint64_t size, 652 uint32_t *handle_p) 653 { 654 struct drm_i915_gem_object *obj; 655 int ret; 656 u32 handle; 657 658 size = roundup(size, PAGE_SIZE); 659 if (size == 0) 660 return -EINVAL; 661 662 /* Allocate the new object */ 663 obj = i915_gem_object_create(dev_priv, size); 664 if (IS_ERR(obj)) 665 return PTR_ERR(obj); 666 667 ret = drm_gem_handle_create(file, &obj->base, &handle); 668 /* drop reference from allocate - handle holds it now */ 669 i915_gem_object_put(obj); 670 if (ret) 671 return ret; 672 673 *handle_p = handle; 674 return 0; 675 } 676 677 int 678 i915_gem_dumb_create(struct drm_file *file, 679 struct drm_device *dev, 680 struct drm_mode_create_dumb *args) 681 { 682 /* have to work out size/pitch and return them */ 683 args->pitch = ALIGN(args->width * DIV_ROUND_UP(args->bpp, 8), 64); 684 args->size = args->pitch * args->height; 685 return i915_gem_create(file, to_i915(dev), 686 args->size, &args->handle); 687 } 688 689 /** 690 * Creates a new mm object and returns a handle to it. 691 * @dev: drm device pointer 692 * @data: ioctl data blob 693 * @file: drm file pointer 694 */ 695 int 696 i915_gem_create_ioctl(struct drm_device *dev, void *data, 697 struct drm_file *file) 698 { 699 struct drm_i915_private *dev_priv = to_i915(dev); 700 struct drm_i915_gem_create *args = data; 701 702 i915_gem_flush_free_objects(dev_priv); 703 704 return i915_gem_create(file, dev_priv, 705 args->size, &args->handle); 706 } 707 708 static inline int 709 __copy_to_user_swizzled(char __user *cpu_vaddr, 710 const char *gpu_vaddr, int gpu_offset, 711 int length) 712 { 713 int ret, cpu_offset = 0; 714 715 while (length > 0) { 716 int cacheline_end = ALIGN(gpu_offset + 1, 64); 717 int this_length = min(cacheline_end - gpu_offset, length); 718 int swizzled_gpu_offset = gpu_offset ^ 64; 719 720 ret = __copy_to_user(cpu_vaddr + cpu_offset, 721 gpu_vaddr + swizzled_gpu_offset, 722 this_length); 723 if (ret) 724 return ret + length; 725 726 cpu_offset += this_length; 727 gpu_offset += this_length; 728 length -= this_length; 729 } 730 731 return 0; 732 } 733 734 static inline int 735 __copy_from_user_swizzled(char *gpu_vaddr, int gpu_offset, 736 const char __user *cpu_vaddr, 737 int length) 738 { 739 int ret, cpu_offset = 0; 740 741 while (length > 0) { 742 int cacheline_end = ALIGN(gpu_offset + 1, 64); 743 int this_length = min(cacheline_end - gpu_offset, length); 744 int swizzled_gpu_offset = gpu_offset ^ 64; 745 746 ret = __copy_from_user(gpu_vaddr + swizzled_gpu_offset, 747 cpu_vaddr + cpu_offset, 748 this_length); 749 if (ret) 750 return ret + length; 751 752 cpu_offset += this_length; 753 gpu_offset += this_length; 754 length -= this_length; 755 } 756 757 return 0; 758 } 759 760 /* 761 * Pins the specified object's pages and synchronizes the object with 762 * GPU accesses. Sets needs_clflush to non-zero if the caller should 763 * flush the object from the CPU cache. 764 */ 765 int i915_gem_obj_prepare_shmem_read(struct drm_i915_gem_object *obj, 766 unsigned int *needs_clflush) 767 { 768 int ret; 769 770 lockdep_assert_held(&obj->base.dev->struct_mutex); 771 772 *needs_clflush = 0; 773 if (!i915_gem_object_has_struct_page(obj)) 774 return -ENODEV; 775 776 ret = i915_gem_object_wait(obj, 777 I915_WAIT_INTERRUPTIBLE | 778 I915_WAIT_LOCKED, 779 MAX_SCHEDULE_TIMEOUT, 780 NULL); 781 if (ret) 782 return ret; 783 784 ret = i915_gem_object_pin_pages(obj); 785 if (ret) 786 return ret; 787 788 if (i915_gem_object_is_coherent(obj) || 789 !static_cpu_has(X86_FEATURE_CLFLUSH)) { 790 ret = i915_gem_object_set_to_cpu_domain(obj, false); 791 if (ret) 792 goto err_unpin; 793 else 794 goto out; 795 } 796 797 i915_gem_object_flush_gtt_write_domain(obj); 798 799 /* If we're not in the cpu read domain, set ourself into the gtt 800 * read domain and manually flush cachelines (if required). This 801 * optimizes for the case when the gpu will dirty the data 802 * anyway again before the next pread happens. 803 */ 804 if (!(obj->base.read_domains & I915_GEM_DOMAIN_CPU)) 805 *needs_clflush = CLFLUSH_BEFORE; 806 807 out: 808 /* return with the pages pinned */ 809 return 0; 810 811 err_unpin: 812 i915_gem_object_unpin_pages(obj); 813 return ret; 814 } 815 816 int i915_gem_obj_prepare_shmem_write(struct drm_i915_gem_object *obj, 817 unsigned int *needs_clflush) 818 { 819 int ret; 820 821 lockdep_assert_held(&obj->base.dev->struct_mutex); 822 823 *needs_clflush = 0; 824 if (!i915_gem_object_has_struct_page(obj)) 825 return -ENODEV; 826 827 ret = i915_gem_object_wait(obj, 828 I915_WAIT_INTERRUPTIBLE | 829 I915_WAIT_LOCKED | 830 I915_WAIT_ALL, 831 MAX_SCHEDULE_TIMEOUT, 832 NULL); 833 if (ret) 834 return ret; 835 836 ret = i915_gem_object_pin_pages(obj); 837 if (ret) 838 return ret; 839 840 if (i915_gem_object_is_coherent(obj) || 841 !static_cpu_has(X86_FEATURE_CLFLUSH)) { 842 ret = i915_gem_object_set_to_cpu_domain(obj, true); 843 if (ret) 844 goto err_unpin; 845 else 846 goto out; 847 } 848 849 i915_gem_object_flush_gtt_write_domain(obj); 850 851 /* If we're not in the cpu write domain, set ourself into the 852 * gtt write domain and manually flush cachelines (as required). 853 * This optimizes for the case when the gpu will use the data 854 * right away and we therefore have to clflush anyway. 855 */ 856 if (obj->base.write_domain != I915_GEM_DOMAIN_CPU) 857 *needs_clflush |= CLFLUSH_AFTER; 858 859 /* Same trick applies to invalidate partially written cachelines read 860 * before writing. 861 */ 862 if (!(obj->base.read_domains & I915_GEM_DOMAIN_CPU)) 863 *needs_clflush |= CLFLUSH_BEFORE; 864 865 out: 866 intel_fb_obj_invalidate(obj, ORIGIN_CPU); 867 obj->mm.dirty = true; 868 /* return with the pages pinned */ 869 return 0; 870 871 err_unpin: 872 i915_gem_object_unpin_pages(obj); 873 return ret; 874 } 875 876 static void 877 shmem_clflush_swizzled_range(char *addr, unsigned long length, 878 bool swizzled) 879 { 880 if (unlikely(swizzled)) { 881 unsigned long start = (unsigned long) addr; 882 unsigned long end = (unsigned long) addr + length; 883 884 /* For swizzling simply ensure that we always flush both 885 * channels. Lame, but simple and it works. Swizzled 886 * pwrite/pread is far from a hotpath - current userspace 887 * doesn't use it at all. */ 888 start = round_down(start, 128); 889 end = round_up(end, 128); 890 891 drm_clflush_virt_range((void *)start, end - start); 892 } else { 893 drm_clflush_virt_range(addr, length); 894 } 895 896 } 897 898 /* Only difference to the fast-path function is that this can handle bit17 899 * and uses non-atomic copy and kmap functions. */ 900 static int 901 shmem_pread_slow(struct page *page, int offset, int length, 902 char __user *user_data, 903 bool page_do_bit17_swizzling, bool needs_clflush) 904 { 905 char *vaddr; 906 int ret; 907 908 vaddr = kmap(page); 909 if (needs_clflush) 910 shmem_clflush_swizzled_range(vaddr + offset, length, 911 page_do_bit17_swizzling); 912 913 if (page_do_bit17_swizzling) 914 ret = __copy_to_user_swizzled(user_data, vaddr, offset, length); 915 else 916 ret = __copy_to_user(user_data, vaddr + offset, length); 917 kunmap(page); 918 919 return ret ? - EFAULT : 0; 920 } 921 922 static int 923 shmem_pread(struct page *page, int offset, int length, char __user *user_data, 924 bool page_do_bit17_swizzling, bool needs_clflush) 925 { 926 int ret; 927 928 ret = -ENODEV; 929 if (!page_do_bit17_swizzling) { 930 char *vaddr = kmap_atomic(page); 931 932 if (needs_clflush) 933 drm_clflush_virt_range(vaddr + offset, length); 934 ret = __copy_to_user_inatomic(user_data, vaddr + offset, length); 935 kunmap_atomic(vaddr); 936 } 937 if (ret == 0) 938 return 0; 939 940 return shmem_pread_slow(page, offset, length, user_data, 941 page_do_bit17_swizzling, needs_clflush); 942 } 943 944 static int 945 i915_gem_shmem_pread(struct drm_i915_gem_object *obj, 946 struct drm_i915_gem_pread *args) 947 { 948 char __user *user_data; 949 u64 remain; 950 unsigned int obj_do_bit17_swizzling; 951 unsigned int needs_clflush; 952 unsigned int idx, offset; 953 int ret; 954 955 obj_do_bit17_swizzling = 0; 956 if (i915_gem_object_needs_bit17_swizzle(obj)) 957 obj_do_bit17_swizzling = BIT(17); 958 959 ret = mutex_lock_interruptible(&obj->base.dev->struct_mutex); 960 if (ret) 961 return ret; 962 963 ret = i915_gem_obj_prepare_shmem_read(obj, &needs_clflush); 964 mutex_unlock(&obj->base.dev->struct_mutex); 965 if (ret) 966 return ret; 967 968 remain = args->size; 969 user_data = u64_to_user_ptr(args->data_ptr); 970 offset = offset_in_page(args->offset); 971 for (idx = args->offset >> PAGE_SHIFT; remain; idx++) { 972 struct page *page = i915_gem_object_get_page(obj, idx); 973 int length; 974 975 length = remain; 976 if (offset + length > PAGE_SIZE) 977 length = PAGE_SIZE - offset; 978 979 ret = shmem_pread(page, offset, length, user_data, 980 page_to_phys(page) & obj_do_bit17_swizzling, 981 needs_clflush); 982 if (ret) 983 break; 984 985 remain -= length; 986 user_data += length; 987 offset = 0; 988 } 989 990 i915_gem_obj_finish_shmem_access(obj); 991 return ret; 992 } 993 994 static inline bool 995 gtt_user_read(struct io_mapping *mapping, 996 loff_t base, int offset, 997 char __user *user_data, int length) 998 { 999 void *vaddr; 1000 unsigned long unwritten; 1001 1002 /* We can use the cpu mem copy function because this is X86. */ 1003 vaddr = (void __force *)io_mapping_map_atomic_wc(mapping, base); 1004 unwritten = __copy_to_user_inatomic(user_data, vaddr + offset, length); 1005 io_mapping_unmap_atomic(vaddr); 1006 if (unwritten) { 1007 vaddr = (void __force *) 1008 io_mapping_map_wc(mapping, base, PAGE_SIZE); 1009 unwritten = copy_to_user(user_data, vaddr + offset, length); 1010 io_mapping_unmap(vaddr); 1011 } 1012 return unwritten; 1013 } 1014 1015 static int 1016 i915_gem_gtt_pread(struct drm_i915_gem_object *obj, 1017 const struct drm_i915_gem_pread *args) 1018 { 1019 struct drm_i915_private *i915 = to_i915(obj->base.dev); 1020 struct i915_ggtt *ggtt = &i915->ggtt; 1021 struct drm_mm_node node; 1022 struct i915_vma *vma; 1023 void __user *user_data; 1024 u64 remain, offset; 1025 int ret; 1026 1027 ret = mutex_lock_interruptible(&i915->drm.struct_mutex); 1028 if (ret) 1029 return ret; 1030 1031 intel_runtime_pm_get(i915); 1032 vma = i915_gem_object_ggtt_pin(obj, NULL, 0, 0, 1033 PIN_MAPPABLE | PIN_NONBLOCK); 1034 if (!IS_ERR(vma)) { 1035 node.start = i915_ggtt_offset(vma); 1036 node.allocated = false; 1037 ret = i915_vma_put_fence(vma); 1038 if (ret) { 1039 i915_vma_unpin(vma); 1040 vma = ERR_PTR(ret); 1041 } 1042 } 1043 if (IS_ERR(vma)) { 1044 ret = insert_mappable_node(ggtt, &node, PAGE_SIZE); 1045 if (ret) 1046 goto out_unlock; 1047 GEM_BUG_ON(!node.allocated); 1048 } 1049 1050 ret = i915_gem_object_set_to_gtt_domain(obj, false); 1051 if (ret) 1052 goto out_unpin; 1053 1054 mutex_unlock(&i915->drm.struct_mutex); 1055 1056 user_data = u64_to_user_ptr(args->data_ptr); 1057 remain = args->size; 1058 offset = args->offset; 1059 1060 while (remain > 0) { 1061 /* Operation in this page 1062 * 1063 * page_base = page offset within aperture 1064 * page_offset = offset within page 1065 * page_length = bytes to copy for this page 1066 */ 1067 u32 page_base = node.start; 1068 unsigned page_offset = offset_in_page(offset); 1069 unsigned page_length = PAGE_SIZE - page_offset; 1070 page_length = remain < page_length ? remain : page_length; 1071 if (node.allocated) { 1072 wmb(); 1073 ggtt->base.insert_page(&ggtt->base, 1074 i915_gem_object_get_dma_address(obj, offset >> PAGE_SHIFT), 1075 node.start, I915_CACHE_NONE, 0); 1076 wmb(); 1077 } else { 1078 page_base += offset & PAGE_MASK; 1079 } 1080 1081 if (gtt_user_read(&ggtt->mappable, page_base, page_offset, 1082 user_data, page_length)) { 1083 ret = -EFAULT; 1084 break; 1085 } 1086 1087 remain -= page_length; 1088 user_data += page_length; 1089 offset += page_length; 1090 } 1091 1092 mutex_lock(&i915->drm.struct_mutex); 1093 out_unpin: 1094 if (node.allocated) { 1095 wmb(); 1096 ggtt->base.clear_range(&ggtt->base, 1097 node.start, node.size); 1098 remove_mappable_node(&node); 1099 } else { 1100 i915_vma_unpin(vma); 1101 } 1102 out_unlock: 1103 intel_runtime_pm_put(i915); 1104 mutex_unlock(&i915->drm.struct_mutex); 1105 1106 return ret; 1107 } 1108 1109 /** 1110 * Reads data from the object referenced by handle. 1111 * @dev: drm device pointer 1112 * @data: ioctl data blob 1113 * @file: drm file pointer 1114 * 1115 * On error, the contents of *data are undefined. 1116 */ 1117 int 1118 i915_gem_pread_ioctl(struct drm_device *dev, void *data, 1119 struct drm_file *file) 1120 { 1121 struct drm_i915_gem_pread *args = data; 1122 struct drm_i915_gem_object *obj; 1123 int ret; 1124 1125 if (args->size == 0) 1126 return 0; 1127 1128 if (!access_ok(VERIFY_WRITE, 1129 u64_to_user_ptr(args->data_ptr), 1130 args->size)) 1131 return -EFAULT; 1132 1133 obj = i915_gem_object_lookup(file, args->handle); 1134 if (!obj) 1135 return -ENOENT; 1136 1137 /* Bounds check source. */ 1138 if (range_overflows_t(u64, args->offset, args->size, obj->base.size)) { 1139 ret = -EINVAL; 1140 goto out; 1141 } 1142 1143 trace_i915_gem_object_pread(obj, args->offset, args->size); 1144 1145 ret = i915_gem_object_wait(obj, 1146 I915_WAIT_INTERRUPTIBLE, 1147 MAX_SCHEDULE_TIMEOUT, 1148 to_rps_client(file)); 1149 if (ret) 1150 goto out; 1151 1152 ret = i915_gem_object_pin_pages(obj); 1153 if (ret) 1154 goto out; 1155 1156 ret = i915_gem_shmem_pread(obj, args); 1157 if (ret == -EFAULT || ret == -ENODEV) 1158 ret = i915_gem_gtt_pread(obj, args); 1159 1160 i915_gem_object_unpin_pages(obj); 1161 out: 1162 i915_gem_object_put(obj); 1163 return ret; 1164 } 1165 1166 /* This is the fast write path which cannot handle 1167 * page faults in the source data 1168 */ 1169 1170 static inline bool 1171 ggtt_write(struct io_mapping *mapping, 1172 loff_t base, int offset, 1173 char __user *user_data, int length) 1174 { 1175 void *vaddr; 1176 unsigned long unwritten; 1177 1178 /* We can use the cpu mem copy function because this is X86. */ 1179 vaddr = (void __force *)io_mapping_map_atomic_wc(mapping, base); 1180 unwritten = __copy_from_user_inatomic_nocache(vaddr + offset, 1181 user_data, length); 1182 io_mapping_unmap_atomic(vaddr); 1183 if (unwritten) { 1184 vaddr = (void __force *) 1185 io_mapping_map_wc(mapping, base, PAGE_SIZE); 1186 unwritten = copy_from_user(vaddr + offset, user_data, length); 1187 io_mapping_unmap(vaddr); 1188 } 1189 1190 return unwritten; 1191 } 1192 1193 /** 1194 * This is the fast pwrite path, where we copy the data directly from the 1195 * user into the GTT, uncached. 1196 * @obj: i915 GEM object 1197 * @args: pwrite arguments structure 1198 */ 1199 static int 1200 i915_gem_gtt_pwrite_fast(struct drm_i915_gem_object *obj, 1201 const struct drm_i915_gem_pwrite *args) 1202 { 1203 struct drm_i915_private *i915 = to_i915(obj->base.dev); 1204 struct i915_ggtt *ggtt = &i915->ggtt; 1205 struct drm_mm_node node; 1206 struct i915_vma *vma; 1207 u64 remain, offset; 1208 void __user *user_data; 1209 int ret; 1210 1211 ret = mutex_lock_interruptible(&i915->drm.struct_mutex); 1212 if (ret) 1213 return ret; 1214 1215 intel_runtime_pm_get(i915); 1216 vma = i915_gem_object_ggtt_pin(obj, NULL, 0, 0, 1217 PIN_MAPPABLE | PIN_NONBLOCK); 1218 if (!IS_ERR(vma)) { 1219 node.start = i915_ggtt_offset(vma); 1220 node.allocated = false; 1221 ret = i915_vma_put_fence(vma); 1222 if (ret) { 1223 i915_vma_unpin(vma); 1224 vma = ERR_PTR(ret); 1225 } 1226 } 1227 if (IS_ERR(vma)) { 1228 ret = insert_mappable_node(ggtt, &node, PAGE_SIZE); 1229 if (ret) 1230 goto out_unlock; 1231 GEM_BUG_ON(!node.allocated); 1232 } 1233 1234 ret = i915_gem_object_set_to_gtt_domain(obj, true); 1235 if (ret) 1236 goto out_unpin; 1237 1238 mutex_unlock(&i915->drm.struct_mutex); 1239 1240 intel_fb_obj_invalidate(obj, ORIGIN_CPU); 1241 1242 user_data = u64_to_user_ptr(args->data_ptr); 1243 offset = args->offset; 1244 remain = args->size; 1245 while (remain) { 1246 /* Operation in this page 1247 * 1248 * page_base = page offset within aperture 1249 * page_offset = offset within page 1250 * page_length = bytes to copy for this page 1251 */ 1252 u32 page_base = node.start; 1253 unsigned int page_offset = offset_in_page(offset); 1254 unsigned int page_length = PAGE_SIZE - page_offset; 1255 page_length = remain < page_length ? remain : page_length; 1256 if (node.allocated) { 1257 wmb(); /* flush the write before we modify the GGTT */ 1258 ggtt->base.insert_page(&ggtt->base, 1259 i915_gem_object_get_dma_address(obj, offset >> PAGE_SHIFT), 1260 node.start, I915_CACHE_NONE, 0); 1261 wmb(); /* flush modifications to the GGTT (insert_page) */ 1262 } else { 1263 page_base += offset & PAGE_MASK; 1264 } 1265 /* If we get a fault while copying data, then (presumably) our 1266 * source page isn't available. Return the error and we'll 1267 * retry in the slow path. 1268 * If the object is non-shmem backed, we retry again with the 1269 * path that handles page fault. 1270 */ 1271 if (ggtt_write(&ggtt->mappable, page_base, page_offset, 1272 user_data, page_length)) { 1273 ret = -EFAULT; 1274 break; 1275 } 1276 1277 remain -= page_length; 1278 user_data += page_length; 1279 offset += page_length; 1280 } 1281 intel_fb_obj_flush(obj, ORIGIN_CPU); 1282 1283 mutex_lock(&i915->drm.struct_mutex); 1284 out_unpin: 1285 if (node.allocated) { 1286 wmb(); 1287 ggtt->base.clear_range(&ggtt->base, 1288 node.start, node.size); 1289 remove_mappable_node(&node); 1290 } else { 1291 i915_vma_unpin(vma); 1292 } 1293 out_unlock: 1294 intel_runtime_pm_put(i915); 1295 mutex_unlock(&i915->drm.struct_mutex); 1296 return ret; 1297 } 1298 1299 static int 1300 shmem_pwrite_slow(struct page *page, int offset, int length, 1301 char __user *user_data, 1302 bool page_do_bit17_swizzling, 1303 bool needs_clflush_before, 1304 bool needs_clflush_after) 1305 { 1306 char *vaddr; 1307 int ret; 1308 1309 vaddr = kmap(page); 1310 if (unlikely(needs_clflush_before || page_do_bit17_swizzling)) 1311 shmem_clflush_swizzled_range(vaddr + offset, length, 1312 page_do_bit17_swizzling); 1313 if (page_do_bit17_swizzling) 1314 ret = __copy_from_user_swizzled(vaddr, offset, user_data, 1315 length); 1316 else 1317 ret = __copy_from_user(vaddr + offset, user_data, length); 1318 if (needs_clflush_after) 1319 shmem_clflush_swizzled_range(vaddr + offset, length, 1320 page_do_bit17_swizzling); 1321 kunmap(page); 1322 1323 return ret ? -EFAULT : 0; 1324 } 1325 1326 /* Per-page copy function for the shmem pwrite fastpath. 1327 * Flushes invalid cachelines before writing to the target if 1328 * needs_clflush_before is set and flushes out any written cachelines after 1329 * writing if needs_clflush is set. 1330 */ 1331 static int 1332 shmem_pwrite(struct page *page, int offset, int len, char __user *user_data, 1333 bool page_do_bit17_swizzling, 1334 bool needs_clflush_before, 1335 bool needs_clflush_after) 1336 { 1337 int ret; 1338 1339 ret = -ENODEV; 1340 if (!page_do_bit17_swizzling) { 1341 char *vaddr = kmap_atomic(page); 1342 1343 if (needs_clflush_before) 1344 drm_clflush_virt_range(vaddr + offset, len); 1345 ret = __copy_from_user_inatomic(vaddr + offset, user_data, len); 1346 if (needs_clflush_after) 1347 drm_clflush_virt_range(vaddr + offset, len); 1348 1349 kunmap_atomic(vaddr); 1350 } 1351 if (ret == 0) 1352 return ret; 1353 1354 return shmem_pwrite_slow(page, offset, len, user_data, 1355 page_do_bit17_swizzling, 1356 needs_clflush_before, 1357 needs_clflush_after); 1358 } 1359 1360 static int 1361 i915_gem_shmem_pwrite(struct drm_i915_gem_object *obj, 1362 const struct drm_i915_gem_pwrite *args) 1363 { 1364 struct drm_i915_private *i915 = to_i915(obj->base.dev); 1365 void __user *user_data; 1366 u64 remain; 1367 unsigned int obj_do_bit17_swizzling; 1368 unsigned int partial_cacheline_write; 1369 unsigned int needs_clflush; 1370 unsigned int offset, idx; 1371 int ret; 1372 1373 ret = mutex_lock_interruptible(&i915->drm.struct_mutex); 1374 if (ret) 1375 return ret; 1376 1377 ret = i915_gem_obj_prepare_shmem_write(obj, &needs_clflush); 1378 mutex_unlock(&i915->drm.struct_mutex); 1379 if (ret) 1380 return ret; 1381 1382 obj_do_bit17_swizzling = 0; 1383 if (i915_gem_object_needs_bit17_swizzle(obj)) 1384 obj_do_bit17_swizzling = BIT(17); 1385 1386 /* If we don't overwrite a cacheline completely we need to be 1387 * careful to have up-to-date data by first clflushing. Don't 1388 * overcomplicate things and flush the entire patch. 1389 */ 1390 partial_cacheline_write = 0; 1391 if (needs_clflush & CLFLUSH_BEFORE) 1392 partial_cacheline_write = boot_cpu_data.x86_clflush_size - 1; 1393 1394 user_data = u64_to_user_ptr(args->data_ptr); 1395 remain = args->size; 1396 offset = offset_in_page(args->offset); 1397 for (idx = args->offset >> PAGE_SHIFT; remain; idx++) { 1398 struct page *page = i915_gem_object_get_page(obj, idx); 1399 int length; 1400 1401 length = remain; 1402 if (offset + length > PAGE_SIZE) 1403 length = PAGE_SIZE - offset; 1404 1405 ret = shmem_pwrite(page, offset, length, user_data, 1406 page_to_phys(page) & obj_do_bit17_swizzling, 1407 (offset | length) & partial_cacheline_write, 1408 needs_clflush & CLFLUSH_AFTER); 1409 if (ret) 1410 break; 1411 1412 remain -= length; 1413 user_data += length; 1414 offset = 0; 1415 } 1416 1417 intel_fb_obj_flush(obj, ORIGIN_CPU); 1418 i915_gem_obj_finish_shmem_access(obj); 1419 return ret; 1420 } 1421 1422 /** 1423 * Writes data to the object referenced by handle. 1424 * @dev: drm device 1425 * @data: ioctl data blob 1426 * @file: drm file 1427 * 1428 * On error, the contents of the buffer that were to be modified are undefined. 1429 */ 1430 int 1431 i915_gem_pwrite_ioctl(struct drm_device *dev, void *data, 1432 struct drm_file *file) 1433 { 1434 struct drm_i915_gem_pwrite *args = data; 1435 struct drm_i915_gem_object *obj; 1436 int ret; 1437 1438 if (args->size == 0) 1439 return 0; 1440 1441 if (!access_ok(VERIFY_READ, 1442 u64_to_user_ptr(args->data_ptr), 1443 args->size)) 1444 return -EFAULT; 1445 1446 obj = i915_gem_object_lookup(file, args->handle); 1447 if (!obj) 1448 return -ENOENT; 1449 1450 /* Bounds check destination. */ 1451 if (range_overflows_t(u64, args->offset, args->size, obj->base.size)) { 1452 ret = -EINVAL; 1453 goto err; 1454 } 1455 1456 trace_i915_gem_object_pwrite(obj, args->offset, args->size); 1457 1458 ret = -ENODEV; 1459 if (obj->ops->pwrite) 1460 ret = obj->ops->pwrite(obj, args); 1461 if (ret != -ENODEV) 1462 goto err; 1463 1464 ret = i915_gem_object_wait(obj, 1465 I915_WAIT_INTERRUPTIBLE | 1466 I915_WAIT_ALL, 1467 MAX_SCHEDULE_TIMEOUT, 1468 to_rps_client(file)); 1469 if (ret) 1470 goto err; 1471 1472 ret = i915_gem_object_pin_pages(obj); 1473 if (ret) 1474 goto err; 1475 1476 ret = -EFAULT; 1477 /* We can only do the GTT pwrite on untiled buffers, as otherwise 1478 * it would end up going through the fenced access, and we'll get 1479 * different detiling behavior between reading and writing. 1480 * pread/pwrite currently are reading and writing from the CPU 1481 * perspective, requiring manual detiling by the client. 1482 */ 1483 if (!i915_gem_object_has_struct_page(obj) || 1484 cpu_write_needs_clflush(obj)) 1485 /* Note that the gtt paths might fail with non-page-backed user 1486 * pointers (e.g. gtt mappings when moving data between 1487 * textures). Fallback to the shmem path in that case. 1488 */ 1489 ret = i915_gem_gtt_pwrite_fast(obj, args); 1490 1491 if (ret == -EFAULT || ret == -ENOSPC) { 1492 if (obj->phys_handle) 1493 ret = i915_gem_phys_pwrite(obj, args, file); 1494 else 1495 ret = i915_gem_shmem_pwrite(obj, args); 1496 } 1497 1498 i915_gem_object_unpin_pages(obj); 1499 err: 1500 i915_gem_object_put(obj); 1501 return ret; 1502 } 1503 1504 static inline enum fb_op_origin 1505 write_origin(struct drm_i915_gem_object *obj, unsigned domain) 1506 { 1507 return (domain == I915_GEM_DOMAIN_GTT ? 1508 obj->frontbuffer_ggtt_origin : ORIGIN_CPU); 1509 } 1510 1511 static void i915_gem_object_bump_inactive_ggtt(struct drm_i915_gem_object *obj) 1512 { 1513 struct drm_i915_private *i915; 1514 struct list_head *list; 1515 struct i915_vma *vma; 1516 1517 list_for_each_entry(vma, &obj->vma_list, obj_link) { 1518 if (!i915_vma_is_ggtt(vma)) 1519 break; 1520 1521 if (i915_vma_is_active(vma)) 1522 continue; 1523 1524 if (!drm_mm_node_allocated(&vma->node)) 1525 continue; 1526 1527 list_move_tail(&vma->vm_link, &vma->vm->inactive_list); 1528 } 1529 1530 i915 = to_i915(obj->base.dev); 1531 list = obj->bind_count ? &i915->mm.bound_list : &i915->mm.unbound_list; 1532 list_move_tail(&obj->global_link, list); 1533 } 1534 1535 /** 1536 * Called when user space prepares to use an object with the CPU, either 1537 * through the mmap ioctl's mapping or a GTT mapping. 1538 * @dev: drm device 1539 * @data: ioctl data blob 1540 * @file: drm file 1541 */ 1542 int 1543 i915_gem_set_domain_ioctl(struct drm_device *dev, void *data, 1544 struct drm_file *file) 1545 { 1546 struct drm_i915_gem_set_domain *args = data; 1547 struct drm_i915_gem_object *obj; 1548 uint32_t read_domains = args->read_domains; 1549 uint32_t write_domain = args->write_domain; 1550 int err; 1551 1552 /* Only handle setting domains to types used by the CPU. */ 1553 if ((write_domain | read_domains) & I915_GEM_GPU_DOMAINS) 1554 return -EINVAL; 1555 1556 /* Having something in the write domain implies it's in the read 1557 * domain, and only that read domain. Enforce that in the request. 1558 */ 1559 if (write_domain != 0 && read_domains != write_domain) 1560 return -EINVAL; 1561 1562 obj = i915_gem_object_lookup(file, args->handle); 1563 if (!obj) 1564 return -ENOENT; 1565 1566 /* Try to flush the object off the GPU without holding the lock. 1567 * We will repeat the flush holding the lock in the normal manner 1568 * to catch cases where we are gazumped. 1569 */ 1570 err = i915_gem_object_wait(obj, 1571 I915_WAIT_INTERRUPTIBLE | 1572 (write_domain ? I915_WAIT_ALL : 0), 1573 MAX_SCHEDULE_TIMEOUT, 1574 to_rps_client(file)); 1575 if (err) 1576 goto out; 1577 1578 /* Flush and acquire obj->pages so that we are coherent through 1579 * direct access in memory with previous cached writes through 1580 * shmemfs and that our cache domain tracking remains valid. 1581 * For example, if the obj->filp was moved to swap without us 1582 * being notified and releasing the pages, we would mistakenly 1583 * continue to assume that the obj remained out of the CPU cached 1584 * domain. 1585 */ 1586 err = i915_gem_object_pin_pages(obj); 1587 if (err) 1588 goto out; 1589 1590 err = i915_mutex_lock_interruptible(dev); 1591 if (err) 1592 goto out_unpin; 1593 1594 if (read_domains & I915_GEM_DOMAIN_GTT) 1595 err = i915_gem_object_set_to_gtt_domain(obj, write_domain != 0); 1596 else 1597 err = i915_gem_object_set_to_cpu_domain(obj, write_domain != 0); 1598 1599 /* And bump the LRU for this access */ 1600 i915_gem_object_bump_inactive_ggtt(obj); 1601 1602 mutex_unlock(&dev->struct_mutex); 1603 1604 if (write_domain != 0) 1605 intel_fb_obj_invalidate(obj, write_origin(obj, write_domain)); 1606 1607 out_unpin: 1608 i915_gem_object_unpin_pages(obj); 1609 out: 1610 i915_gem_object_put(obj); 1611 return err; 1612 } 1613 1614 /** 1615 * Called when user space has done writes to this buffer 1616 * @dev: drm device 1617 * @data: ioctl data blob 1618 * @file: drm file 1619 */ 1620 int 1621 i915_gem_sw_finish_ioctl(struct drm_device *dev, void *data, 1622 struct drm_file *file) 1623 { 1624 struct drm_i915_gem_sw_finish *args = data; 1625 struct drm_i915_gem_object *obj; 1626 1627 obj = i915_gem_object_lookup(file, args->handle); 1628 if (!obj) 1629 return -ENOENT; 1630 1631 /* Pinned buffers may be scanout, so flush the cache */ 1632 i915_gem_object_flush_if_display(obj); 1633 i915_gem_object_put(obj); 1634 1635 return 0; 1636 } 1637 1638 /** 1639 * i915_gem_mmap_ioctl - Maps the contents of an object, returning the address 1640 * it is mapped to. 1641 * @dev: drm device 1642 * @data: ioctl data blob 1643 * @file: drm file 1644 * 1645 * While the mapping holds a reference on the contents of the object, it doesn't 1646 * imply a ref on the object itself. 1647 * 1648 * IMPORTANT: 1649 * 1650 * DRM driver writers who look a this function as an example for how to do GEM 1651 * mmap support, please don't implement mmap support like here. The modern way 1652 * to implement DRM mmap support is with an mmap offset ioctl (like 1653 * i915_gem_mmap_gtt) and then using the mmap syscall on the DRM fd directly. 1654 * That way debug tooling like valgrind will understand what's going on, hiding 1655 * the mmap call in a driver private ioctl will break that. The i915 driver only 1656 * does cpu mmaps this way because we didn't know better. 1657 */ 1658 int 1659 i915_gem_mmap_ioctl(struct drm_device *dev, void *data, 1660 struct drm_file *file) 1661 { 1662 struct drm_i915_gem_mmap *args = data; 1663 struct drm_i915_gem_object *obj; 1664 unsigned long addr; 1665 1666 if (args->flags & ~(I915_MMAP_WC)) 1667 return -EINVAL; 1668 1669 if (args->flags & I915_MMAP_WC && !boot_cpu_has(X86_FEATURE_PAT)) 1670 return -ENODEV; 1671 1672 obj = i915_gem_object_lookup(file, args->handle); 1673 if (!obj) 1674 return -ENOENT; 1675 1676 /* prime objects have no backing filp to GEM mmap 1677 * pages from. 1678 */ 1679 if (!obj->base.filp) { 1680 i915_gem_object_put(obj); 1681 return -EINVAL; 1682 } 1683 1684 addr = vm_mmap(obj->base.filp, 0, args->size, 1685 PROT_READ | PROT_WRITE, MAP_SHARED, 1686 args->offset); 1687 if (args->flags & I915_MMAP_WC) { 1688 struct mm_struct *mm = current->mm; 1689 struct vm_area_struct *vma; 1690 1691 if (down_write_killable(&mm->mmap_sem)) { 1692 i915_gem_object_put(obj); 1693 return -EINTR; 1694 } 1695 vma = find_vma(mm, addr); 1696 if (vma) 1697 vma->vm_page_prot = 1698 pgprot_writecombine(vm_get_page_prot(vma->vm_flags)); 1699 else 1700 addr = -ENOMEM; 1701 up_write(&mm->mmap_sem); 1702 1703 /* This may race, but that's ok, it only gets set */ 1704 WRITE_ONCE(obj->frontbuffer_ggtt_origin, ORIGIN_CPU); 1705 } 1706 i915_gem_object_put(obj); 1707 if (IS_ERR((void *)addr)) 1708 return addr; 1709 1710 args->addr_ptr = (uint64_t) addr; 1711 1712 return 0; 1713 } 1714 1715 static unsigned int tile_row_pages(struct drm_i915_gem_object *obj) 1716 { 1717 return i915_gem_object_get_tile_row_size(obj) >> PAGE_SHIFT; 1718 } 1719 1720 /** 1721 * i915_gem_mmap_gtt_version - report the current feature set for GTT mmaps 1722 * 1723 * A history of the GTT mmap interface: 1724 * 1725 * 0 - Everything had to fit into the GTT. Both parties of a memcpy had to 1726 * aligned and suitable for fencing, and still fit into the available 1727 * mappable space left by the pinned display objects. A classic problem 1728 * we called the page-fault-of-doom where we would ping-pong between 1729 * two objects that could not fit inside the GTT and so the memcpy 1730 * would page one object in at the expense of the other between every 1731 * single byte. 1732 * 1733 * 1 - Objects can be any size, and have any compatible fencing (X Y, or none 1734 * as set via i915_gem_set_tiling() [DRM_I915_GEM_SET_TILING]). If the 1735 * object is too large for the available space (or simply too large 1736 * for the mappable aperture!), a view is created instead and faulted 1737 * into userspace. (This view is aligned and sized appropriately for 1738 * fenced access.) 1739 * 1740 * Restrictions: 1741 * 1742 * * snoopable objects cannot be accessed via the GTT. It can cause machine 1743 * hangs on some architectures, corruption on others. An attempt to service 1744 * a GTT page fault from a snoopable object will generate a SIGBUS. 1745 * 1746 * * the object must be able to fit into RAM (physical memory, though no 1747 * limited to the mappable aperture). 1748 * 1749 * 1750 * Caveats: 1751 * 1752 * * a new GTT page fault will synchronize rendering from the GPU and flush 1753 * all data to system memory. Subsequent access will not be synchronized. 1754 * 1755 * * all mappings are revoked on runtime device suspend. 1756 * 1757 * * there are only 8, 16 or 32 fence registers to share between all users 1758 * (older machines require fence register for display and blitter access 1759 * as well). Contention of the fence registers will cause the previous users 1760 * to be unmapped and any new access will generate new page faults. 1761 * 1762 * * running out of memory while servicing a fault may generate a SIGBUS, 1763 * rather than the expected SIGSEGV. 1764 */ 1765 int i915_gem_mmap_gtt_version(void) 1766 { 1767 return 1; 1768 } 1769 1770 static inline struct i915_ggtt_view 1771 compute_partial_view(struct drm_i915_gem_object *obj, 1772 pgoff_t page_offset, 1773 unsigned int chunk) 1774 { 1775 struct i915_ggtt_view view; 1776 1777 if (i915_gem_object_is_tiled(obj)) 1778 chunk = roundup(chunk, tile_row_pages(obj)); 1779 1780 view.type = I915_GGTT_VIEW_PARTIAL; 1781 view.partial.offset = rounddown(page_offset, chunk); 1782 view.partial.size = 1783 min_t(unsigned int, chunk, 1784 (obj->base.size >> PAGE_SHIFT) - view.partial.offset); 1785 1786 /* If the partial covers the entire object, just create a normal VMA. */ 1787 if (chunk >= obj->base.size >> PAGE_SHIFT) 1788 view.type = I915_GGTT_VIEW_NORMAL; 1789 1790 return view; 1791 } 1792 1793 /** 1794 * i915_gem_fault - fault a page into the GTT 1795 * @vmf: fault info 1796 * 1797 * The fault handler is set up by drm_gem_mmap() when a object is GTT mapped 1798 * from userspace. The fault handler takes care of binding the object to 1799 * the GTT (if needed), allocating and programming a fence register (again, 1800 * only if needed based on whether the old reg is still valid or the object 1801 * is tiled) and inserting a new PTE into the faulting process. 1802 * 1803 * Note that the faulting process may involve evicting existing objects 1804 * from the GTT and/or fence registers to make room. So performance may 1805 * suffer if the GTT working set is large or there are few fence registers 1806 * left. 1807 * 1808 * The current feature set supported by i915_gem_fault() and thus GTT mmaps 1809 * is exposed via I915_PARAM_MMAP_GTT_VERSION (see i915_gem_mmap_gtt_version). 1810 */ 1811 int i915_gem_fault(struct vm_fault *vmf) 1812 { 1813 #define MIN_CHUNK_PAGES ((1 << 20) >> PAGE_SHIFT) /* 1 MiB */ 1814 struct vm_area_struct *area = vmf->vma; 1815 struct drm_i915_gem_object *obj = to_intel_bo(area->vm_private_data); 1816 struct drm_device *dev = obj->base.dev; 1817 struct drm_i915_private *dev_priv = to_i915(dev); 1818 struct i915_ggtt *ggtt = &dev_priv->ggtt; 1819 bool write = !!(vmf->flags & FAULT_FLAG_WRITE); 1820 struct i915_vma *vma; 1821 pgoff_t page_offset; 1822 unsigned int flags; 1823 int ret; 1824 1825 /* We don't use vmf->pgoff since that has the fake offset */ 1826 page_offset = (vmf->address - area->vm_start) >> PAGE_SHIFT; 1827 1828 trace_i915_gem_object_fault(obj, page_offset, true, write); 1829 1830 /* Try to flush the object off the GPU first without holding the lock. 1831 * Upon acquiring the lock, we will perform our sanity checks and then 1832 * repeat the flush holding the lock in the normal manner to catch cases 1833 * where we are gazumped. 1834 */ 1835 ret = i915_gem_object_wait(obj, 1836 I915_WAIT_INTERRUPTIBLE, 1837 MAX_SCHEDULE_TIMEOUT, 1838 NULL); 1839 if (ret) 1840 goto err; 1841 1842 ret = i915_gem_object_pin_pages(obj); 1843 if (ret) 1844 goto err; 1845 1846 intel_runtime_pm_get(dev_priv); 1847 1848 ret = i915_mutex_lock_interruptible(dev); 1849 if (ret) 1850 goto err_rpm; 1851 1852 /* Access to snoopable pages through the GTT is incoherent. */ 1853 if (obj->cache_level != I915_CACHE_NONE && !HAS_LLC(dev_priv)) { 1854 ret = -EFAULT; 1855 goto err_unlock; 1856 } 1857 1858 /* If the object is smaller than a couple of partial vma, it is 1859 * not worth only creating a single partial vma - we may as well 1860 * clear enough space for the full object. 1861 */ 1862 flags = PIN_MAPPABLE; 1863 if (obj->base.size > 2 * MIN_CHUNK_PAGES << PAGE_SHIFT) 1864 flags |= PIN_NONBLOCK | PIN_NONFAULT; 1865 1866 /* Now pin it into the GTT as needed */ 1867 vma = i915_gem_object_ggtt_pin(obj, NULL, 0, 0, flags); 1868 if (IS_ERR(vma)) { 1869 /* Use a partial view if it is bigger than available space */ 1870 struct i915_ggtt_view view = 1871 compute_partial_view(obj, page_offset, MIN_CHUNK_PAGES); 1872 1873 /* Userspace is now writing through an untracked VMA, abandon 1874 * all hope that the hardware is able to track future writes. 1875 */ 1876 obj->frontbuffer_ggtt_origin = ORIGIN_CPU; 1877 1878 vma = i915_gem_object_ggtt_pin(obj, &view, 0, 0, PIN_MAPPABLE); 1879 } 1880 if (IS_ERR(vma)) { 1881 ret = PTR_ERR(vma); 1882 goto err_unlock; 1883 } 1884 1885 ret = i915_gem_object_set_to_gtt_domain(obj, write); 1886 if (ret) 1887 goto err_unpin; 1888 1889 ret = i915_vma_get_fence(vma); 1890 if (ret) 1891 goto err_unpin; 1892 1893 /* Mark as being mmapped into userspace for later revocation */ 1894 assert_rpm_wakelock_held(dev_priv); 1895 if (list_empty(&obj->userfault_link)) 1896 list_add(&obj->userfault_link, &dev_priv->mm.userfault_list); 1897 1898 /* Finally, remap it using the new GTT offset */ 1899 ret = remap_io_mapping(area, 1900 area->vm_start + (vma->ggtt_view.partial.offset << PAGE_SHIFT), 1901 (ggtt->mappable_base + vma->node.start) >> PAGE_SHIFT, 1902 min_t(u64, vma->size, area->vm_end - area->vm_start), 1903 &ggtt->mappable); 1904 1905 err_unpin: 1906 __i915_vma_unpin(vma); 1907 err_unlock: 1908 mutex_unlock(&dev->struct_mutex); 1909 err_rpm: 1910 intel_runtime_pm_put(dev_priv); 1911 i915_gem_object_unpin_pages(obj); 1912 err: 1913 switch (ret) { 1914 case -EIO: 1915 /* 1916 * We eat errors when the gpu is terminally wedged to avoid 1917 * userspace unduly crashing (gl has no provisions for mmaps to 1918 * fail). But any other -EIO isn't ours (e.g. swap in failure) 1919 * and so needs to be reported. 1920 */ 1921 if (!i915_terminally_wedged(&dev_priv->gpu_error)) { 1922 ret = VM_FAULT_SIGBUS; 1923 break; 1924 } 1925 case -EAGAIN: 1926 /* 1927 * EAGAIN means the gpu is hung and we'll wait for the error 1928 * handler to reset everything when re-faulting in 1929 * i915_mutex_lock_interruptible. 1930 */ 1931 case 0: 1932 case -ERESTARTSYS: 1933 case -EINTR: 1934 case -EBUSY: 1935 /* 1936 * EBUSY is ok: this just means that another thread 1937 * already did the job. 1938 */ 1939 ret = VM_FAULT_NOPAGE; 1940 break; 1941 case -ENOMEM: 1942 ret = VM_FAULT_OOM; 1943 break; 1944 case -ENOSPC: 1945 case -EFAULT: 1946 ret = VM_FAULT_SIGBUS; 1947 break; 1948 default: 1949 WARN_ONCE(ret, "unhandled error in i915_gem_fault: %i\n", ret); 1950 ret = VM_FAULT_SIGBUS; 1951 break; 1952 } 1953 return ret; 1954 } 1955 1956 /** 1957 * i915_gem_release_mmap - remove physical page mappings 1958 * @obj: obj in question 1959 * 1960 * Preserve the reservation of the mmapping with the DRM core code, but 1961 * relinquish ownership of the pages back to the system. 1962 * 1963 * It is vital that we remove the page mapping if we have mapped a tiled 1964 * object through the GTT and then lose the fence register due to 1965 * resource pressure. Similarly if the object has been moved out of the 1966 * aperture, than pages mapped into userspace must be revoked. Removing the 1967 * mapping will then trigger a page fault on the next user access, allowing 1968 * fixup by i915_gem_fault(). 1969 */ 1970 void 1971 i915_gem_release_mmap(struct drm_i915_gem_object *obj) 1972 { 1973 struct drm_i915_private *i915 = to_i915(obj->base.dev); 1974 1975 /* Serialisation between user GTT access and our code depends upon 1976 * revoking the CPU's PTE whilst the mutex is held. The next user 1977 * pagefault then has to wait until we release the mutex. 1978 * 1979 * Note that RPM complicates somewhat by adding an additional 1980 * requirement that operations to the GGTT be made holding the RPM 1981 * wakeref. 1982 */ 1983 lockdep_assert_held(&i915->drm.struct_mutex); 1984 intel_runtime_pm_get(i915); 1985 1986 if (list_empty(&obj->userfault_link)) 1987 goto out; 1988 1989 list_del_init(&obj->userfault_link); 1990 drm_vma_node_unmap(&obj->base.vma_node, 1991 obj->base.dev->anon_inode->i_mapping); 1992 1993 /* Ensure that the CPU's PTE are revoked and there are not outstanding 1994 * memory transactions from userspace before we return. The TLB 1995 * flushing implied above by changing the PTE above *should* be 1996 * sufficient, an extra barrier here just provides us with a bit 1997 * of paranoid documentation about our requirement to serialise 1998 * memory writes before touching registers / GSM. 1999 */ 2000 wmb(); 2001 2002 out: 2003 intel_runtime_pm_put(i915); 2004 } 2005 2006 void i915_gem_runtime_suspend(struct drm_i915_private *dev_priv) 2007 { 2008 struct drm_i915_gem_object *obj, *on; 2009 int i; 2010 2011 /* 2012 * Only called during RPM suspend. All users of the userfault_list 2013 * must be holding an RPM wakeref to ensure that this can not 2014 * run concurrently with themselves (and use the struct_mutex for 2015 * protection between themselves). 2016 */ 2017 2018 list_for_each_entry_safe(obj, on, 2019 &dev_priv->mm.userfault_list, userfault_link) { 2020 list_del_init(&obj->userfault_link); 2021 drm_vma_node_unmap(&obj->base.vma_node, 2022 obj->base.dev->anon_inode->i_mapping); 2023 } 2024 2025 /* The fence will be lost when the device powers down. If any were 2026 * in use by hardware (i.e. they are pinned), we should not be powering 2027 * down! All other fences will be reacquired by the user upon waking. 2028 */ 2029 for (i = 0; i < dev_priv->num_fence_regs; i++) { 2030 struct drm_i915_fence_reg *reg = &dev_priv->fence_regs[i]; 2031 2032 /* Ideally we want to assert that the fence register is not 2033 * live at this point (i.e. that no piece of code will be 2034 * trying to write through fence + GTT, as that both violates 2035 * our tracking of activity and associated locking/barriers, 2036 * but also is illegal given that the hw is powered down). 2037 * 2038 * Previously we used reg->pin_count as a "liveness" indicator. 2039 * That is not sufficient, and we need a more fine-grained 2040 * tool if we want to have a sanity check here. 2041 */ 2042 2043 if (!reg->vma) 2044 continue; 2045 2046 GEM_BUG_ON(!list_empty(®->vma->obj->userfault_link)); 2047 reg->dirty = true; 2048 } 2049 } 2050 2051 static int i915_gem_object_create_mmap_offset(struct drm_i915_gem_object *obj) 2052 { 2053 struct drm_i915_private *dev_priv = to_i915(obj->base.dev); 2054 int err; 2055 2056 err = drm_gem_create_mmap_offset(&obj->base); 2057 if (likely(!err)) 2058 return 0; 2059 2060 /* Attempt to reap some mmap space from dead objects */ 2061 do { 2062 err = i915_gem_wait_for_idle(dev_priv, I915_WAIT_INTERRUPTIBLE); 2063 if (err) 2064 break; 2065 2066 i915_gem_drain_freed_objects(dev_priv); 2067 err = drm_gem_create_mmap_offset(&obj->base); 2068 if (!err) 2069 break; 2070 2071 } while (flush_delayed_work(&dev_priv->gt.retire_work)); 2072 2073 return err; 2074 } 2075 2076 static void i915_gem_object_free_mmap_offset(struct drm_i915_gem_object *obj) 2077 { 2078 drm_gem_free_mmap_offset(&obj->base); 2079 } 2080 2081 int 2082 i915_gem_mmap_gtt(struct drm_file *file, 2083 struct drm_device *dev, 2084 uint32_t handle, 2085 uint64_t *offset) 2086 { 2087 struct drm_i915_gem_object *obj; 2088 int ret; 2089 2090 obj = i915_gem_object_lookup(file, handle); 2091 if (!obj) 2092 return -ENOENT; 2093 2094 ret = i915_gem_object_create_mmap_offset(obj); 2095 if (ret == 0) 2096 *offset = drm_vma_node_offset_addr(&obj->base.vma_node); 2097 2098 i915_gem_object_put(obj); 2099 return ret; 2100 } 2101 2102 /** 2103 * i915_gem_mmap_gtt_ioctl - prepare an object for GTT mmap'ing 2104 * @dev: DRM device 2105 * @data: GTT mapping ioctl data 2106 * @file: GEM object info 2107 * 2108 * Simply returns the fake offset to userspace so it can mmap it. 2109 * The mmap call will end up in drm_gem_mmap(), which will set things 2110 * up so we can get faults in the handler above. 2111 * 2112 * The fault handler will take care of binding the object into the GTT 2113 * (since it may have been evicted to make room for something), allocating 2114 * a fence register, and mapping the appropriate aperture address into 2115 * userspace. 2116 */ 2117 int 2118 i915_gem_mmap_gtt_ioctl(struct drm_device *dev, void *data, 2119 struct drm_file *file) 2120 { 2121 struct drm_i915_gem_mmap_gtt *args = data; 2122 2123 return i915_gem_mmap_gtt(file, dev, args->handle, &args->offset); 2124 } 2125 2126 /* Immediately discard the backing storage */ 2127 static void 2128 i915_gem_object_truncate(struct drm_i915_gem_object *obj) 2129 { 2130 i915_gem_object_free_mmap_offset(obj); 2131 2132 if (obj->base.filp == NULL) 2133 return; 2134 2135 /* Our goal here is to return as much of the memory as 2136 * is possible back to the system as we are called from OOM. 2137 * To do this we must instruct the shmfs to drop all of its 2138 * backing pages, *now*. 2139 */ 2140 shmem_truncate_range(file_inode(obj->base.filp), 0, (loff_t)-1); 2141 obj->mm.madv = __I915_MADV_PURGED; 2142 obj->mm.pages = ERR_PTR(-EFAULT); 2143 } 2144 2145 /* Try to discard unwanted pages */ 2146 void __i915_gem_object_invalidate(struct drm_i915_gem_object *obj) 2147 { 2148 struct address_space *mapping; 2149 2150 lockdep_assert_held(&obj->mm.lock); 2151 GEM_BUG_ON(obj->mm.pages); 2152 2153 switch (obj->mm.madv) { 2154 case I915_MADV_DONTNEED: 2155 i915_gem_object_truncate(obj); 2156 case __I915_MADV_PURGED: 2157 return; 2158 } 2159 2160 if (obj->base.filp == NULL) 2161 return; 2162 2163 mapping = obj->base.filp->f_mapping, 2164 invalidate_mapping_pages(mapping, 0, (loff_t)-1); 2165 } 2166 2167 static void 2168 i915_gem_object_put_pages_gtt(struct drm_i915_gem_object *obj, 2169 struct sg_table *pages) 2170 { 2171 struct sgt_iter sgt_iter; 2172 struct page *page; 2173 2174 __i915_gem_object_release_shmem(obj, pages, true); 2175 2176 i915_gem_gtt_finish_pages(obj, pages); 2177 2178 if (i915_gem_object_needs_bit17_swizzle(obj)) 2179 i915_gem_object_save_bit_17_swizzle(obj, pages); 2180 2181 for_each_sgt_page(page, sgt_iter, pages) { 2182 if (obj->mm.dirty) 2183 set_page_dirty(page); 2184 2185 if (obj->mm.madv == I915_MADV_WILLNEED) 2186 mark_page_accessed(page); 2187 2188 put_page(page); 2189 } 2190 obj->mm.dirty = false; 2191 2192 sg_free_table(pages); 2193 kfree(pages); 2194 } 2195 2196 static void __i915_gem_object_reset_page_iter(struct drm_i915_gem_object *obj) 2197 { 2198 struct radix_tree_iter iter; 2199 void **slot; 2200 2201 radix_tree_for_each_slot(slot, &obj->mm.get_page.radix, &iter, 0) 2202 radix_tree_delete(&obj->mm.get_page.radix, iter.index); 2203 } 2204 2205 void __i915_gem_object_put_pages(struct drm_i915_gem_object *obj, 2206 enum i915_mm_subclass subclass) 2207 { 2208 struct sg_table *pages; 2209 2210 if (i915_gem_object_has_pinned_pages(obj)) 2211 return; 2212 2213 GEM_BUG_ON(obj->bind_count); 2214 if (!READ_ONCE(obj->mm.pages)) 2215 return; 2216 2217 /* May be called by shrinker from within get_pages() (on another bo) */ 2218 mutex_lock_nested(&obj->mm.lock, subclass); 2219 if (unlikely(atomic_read(&obj->mm.pages_pin_count))) 2220 goto unlock; 2221 2222 /* ->put_pages might need to allocate memory for the bit17 swizzle 2223 * array, hence protect them from being reaped by removing them from gtt 2224 * lists early. */ 2225 pages = fetch_and_zero(&obj->mm.pages); 2226 GEM_BUG_ON(!pages); 2227 2228 if (obj->mm.mapping) { 2229 void *ptr; 2230 2231 ptr = ptr_mask_bits(obj->mm.mapping); 2232 if (is_vmalloc_addr(ptr)) 2233 vunmap(ptr); 2234 else 2235 kunmap(kmap_to_page(ptr)); 2236 2237 obj->mm.mapping = NULL; 2238 } 2239 2240 __i915_gem_object_reset_page_iter(obj); 2241 2242 if (!IS_ERR(pages)) 2243 obj->ops->put_pages(obj, pages); 2244 2245 unlock: 2246 mutex_unlock(&obj->mm.lock); 2247 } 2248 2249 static bool i915_sg_trim(struct sg_table *orig_st) 2250 { 2251 struct sg_table new_st; 2252 struct scatterlist *sg, *new_sg; 2253 unsigned int i; 2254 2255 if (orig_st->nents == orig_st->orig_nents) 2256 return false; 2257 2258 if (sg_alloc_table(&new_st, orig_st->nents, GFP_KERNEL | __GFP_NOWARN)) 2259 return false; 2260 2261 new_sg = new_st.sgl; 2262 for_each_sg(orig_st->sgl, sg, orig_st->nents, i) { 2263 sg_set_page(new_sg, sg_page(sg), sg->length, 0); 2264 /* called before being DMA mapped, no need to copy sg->dma_* */ 2265 new_sg = sg_next(new_sg); 2266 } 2267 GEM_BUG_ON(new_sg); /* Should walk exactly nents and hit the end */ 2268 2269 sg_free_table(orig_st); 2270 2271 *orig_st = new_st; 2272 return true; 2273 } 2274 2275 static struct sg_table * 2276 i915_gem_object_get_pages_gtt(struct drm_i915_gem_object *obj) 2277 { 2278 struct drm_i915_private *dev_priv = to_i915(obj->base.dev); 2279 const unsigned long page_count = obj->base.size / PAGE_SIZE; 2280 unsigned long i; 2281 struct address_space *mapping; 2282 struct sg_table *st; 2283 struct scatterlist *sg; 2284 struct sgt_iter sgt_iter; 2285 struct page *page; 2286 unsigned long last_pfn = 0; /* suppress gcc warning */ 2287 unsigned int max_segment; 2288 int ret; 2289 gfp_t gfp; 2290 2291 /* Assert that the object is not currently in any GPU domain. As it 2292 * wasn't in the GTT, there shouldn't be any way it could have been in 2293 * a GPU cache 2294 */ 2295 GEM_BUG_ON(obj->base.read_domains & I915_GEM_GPU_DOMAINS); 2296 GEM_BUG_ON(obj->base.write_domain & I915_GEM_GPU_DOMAINS); 2297 2298 max_segment = swiotlb_max_segment(); 2299 if (!max_segment) 2300 max_segment = rounddown(UINT_MAX, PAGE_SIZE); 2301 2302 st = kmalloc(sizeof(*st), GFP_KERNEL); 2303 if (st == NULL) 2304 return ERR_PTR(-ENOMEM); 2305 2306 rebuild_st: 2307 if (sg_alloc_table(st, page_count, GFP_KERNEL)) { 2308 kfree(st); 2309 return ERR_PTR(-ENOMEM); 2310 } 2311 2312 /* Get the list of pages out of our struct file. They'll be pinned 2313 * at this point until we release them. 2314 * 2315 * Fail silently without starting the shrinker 2316 */ 2317 mapping = obj->base.filp->f_mapping; 2318 gfp = mapping_gfp_constraint(mapping, ~(__GFP_IO | __GFP_RECLAIM)); 2319 gfp |= __GFP_NORETRY | __GFP_NOWARN; 2320 sg = st->sgl; 2321 st->nents = 0; 2322 for (i = 0; i < page_count; i++) { 2323 page = shmem_read_mapping_page_gfp(mapping, i, gfp); 2324 if (IS_ERR(page)) { 2325 i915_gem_shrink(dev_priv, 2326 page_count, 2327 I915_SHRINK_BOUND | 2328 I915_SHRINK_UNBOUND | 2329 I915_SHRINK_PURGEABLE); 2330 page = shmem_read_mapping_page_gfp(mapping, i, gfp); 2331 } 2332 if (IS_ERR(page)) { 2333 /* We've tried hard to allocate the memory by reaping 2334 * our own buffer, now let the real VM do its job and 2335 * go down in flames if truly OOM. 2336 */ 2337 page = shmem_read_mapping_page(mapping, i); 2338 if (IS_ERR(page)) { 2339 ret = PTR_ERR(page); 2340 goto err_sg; 2341 } 2342 } 2343 if (!i || 2344 sg->length >= max_segment || 2345 page_to_pfn(page) != last_pfn + 1) { 2346 if (i) 2347 sg = sg_next(sg); 2348 st->nents++; 2349 sg_set_page(sg, page, PAGE_SIZE, 0); 2350 } else { 2351 sg->length += PAGE_SIZE; 2352 } 2353 last_pfn = page_to_pfn(page); 2354 2355 /* Check that the i965g/gm workaround works. */ 2356 WARN_ON((gfp & __GFP_DMA32) && (last_pfn >= 0x00100000UL)); 2357 } 2358 if (sg) /* loop terminated early; short sg table */ 2359 sg_mark_end(sg); 2360 2361 /* Trim unused sg entries to avoid wasting memory. */ 2362 i915_sg_trim(st); 2363 2364 ret = i915_gem_gtt_prepare_pages(obj, st); 2365 if (ret) { 2366 /* DMA remapping failed? One possible cause is that 2367 * it could not reserve enough large entries, asking 2368 * for PAGE_SIZE chunks instead may be helpful. 2369 */ 2370 if (max_segment > PAGE_SIZE) { 2371 for_each_sgt_page(page, sgt_iter, st) 2372 put_page(page); 2373 sg_free_table(st); 2374 2375 max_segment = PAGE_SIZE; 2376 goto rebuild_st; 2377 } else { 2378 dev_warn(&dev_priv->drm.pdev->dev, 2379 "Failed to DMA remap %lu pages\n", 2380 page_count); 2381 goto err_pages; 2382 } 2383 } 2384 2385 if (i915_gem_object_needs_bit17_swizzle(obj)) 2386 i915_gem_object_do_bit_17_swizzle(obj, st); 2387 2388 return st; 2389 2390 err_sg: 2391 sg_mark_end(sg); 2392 err_pages: 2393 for_each_sgt_page(page, sgt_iter, st) 2394 put_page(page); 2395 sg_free_table(st); 2396 kfree(st); 2397 2398 /* shmemfs first checks if there is enough memory to allocate the page 2399 * and reports ENOSPC should there be insufficient, along with the usual 2400 * ENOMEM for a genuine allocation failure. 2401 * 2402 * We use ENOSPC in our driver to mean that we have run out of aperture 2403 * space and so want to translate the error from shmemfs back to our 2404 * usual understanding of ENOMEM. 2405 */ 2406 if (ret == -ENOSPC) 2407 ret = -ENOMEM; 2408 2409 return ERR_PTR(ret); 2410 } 2411 2412 void __i915_gem_object_set_pages(struct drm_i915_gem_object *obj, 2413 struct sg_table *pages) 2414 { 2415 lockdep_assert_held(&obj->mm.lock); 2416 2417 obj->mm.get_page.sg_pos = pages->sgl; 2418 obj->mm.get_page.sg_idx = 0; 2419 2420 obj->mm.pages = pages; 2421 2422 if (i915_gem_object_is_tiled(obj) && 2423 to_i915(obj->base.dev)->quirks & QUIRK_PIN_SWIZZLED_PAGES) { 2424 GEM_BUG_ON(obj->mm.quirked); 2425 __i915_gem_object_pin_pages(obj); 2426 obj->mm.quirked = true; 2427 } 2428 } 2429 2430 static int ____i915_gem_object_get_pages(struct drm_i915_gem_object *obj) 2431 { 2432 struct sg_table *pages; 2433 2434 GEM_BUG_ON(i915_gem_object_has_pinned_pages(obj)); 2435 2436 if (unlikely(obj->mm.madv != I915_MADV_WILLNEED)) { 2437 DRM_DEBUG("Attempting to obtain a purgeable object\n"); 2438 return -EFAULT; 2439 } 2440 2441 pages = obj->ops->get_pages(obj); 2442 if (unlikely(IS_ERR(pages))) 2443 return PTR_ERR(pages); 2444 2445 __i915_gem_object_set_pages(obj, pages); 2446 return 0; 2447 } 2448 2449 /* Ensure that the associated pages are gathered from the backing storage 2450 * and pinned into our object. i915_gem_object_pin_pages() may be called 2451 * multiple times before they are released by a single call to 2452 * i915_gem_object_unpin_pages() - once the pages are no longer referenced 2453 * either as a result of memory pressure (reaping pages under the shrinker) 2454 * or as the object is itself released. 2455 */ 2456 int __i915_gem_object_get_pages(struct drm_i915_gem_object *obj) 2457 { 2458 int err; 2459 2460 err = mutex_lock_interruptible(&obj->mm.lock); 2461 if (err) 2462 return err; 2463 2464 if (unlikely(IS_ERR_OR_NULL(obj->mm.pages))) { 2465 err = ____i915_gem_object_get_pages(obj); 2466 if (err) 2467 goto unlock; 2468 2469 smp_mb__before_atomic(); 2470 } 2471 atomic_inc(&obj->mm.pages_pin_count); 2472 2473 unlock: 2474 mutex_unlock(&obj->mm.lock); 2475 return err; 2476 } 2477 2478 /* The 'mapping' part of i915_gem_object_pin_map() below */ 2479 static void *i915_gem_object_map(const struct drm_i915_gem_object *obj, 2480 enum i915_map_type type) 2481 { 2482 unsigned long n_pages = obj->base.size >> PAGE_SHIFT; 2483 struct sg_table *sgt = obj->mm.pages; 2484 struct sgt_iter sgt_iter; 2485 struct page *page; 2486 struct page *stack_pages[32]; 2487 struct page **pages = stack_pages; 2488 unsigned long i = 0; 2489 pgprot_t pgprot; 2490 void *addr; 2491 2492 /* A single page can always be kmapped */ 2493 if (n_pages == 1 && type == I915_MAP_WB) 2494 return kmap(sg_page(sgt->sgl)); 2495 2496 if (n_pages > ARRAY_SIZE(stack_pages)) { 2497 /* Too big for stack -- allocate temporary array instead */ 2498 pages = drm_malloc_gfp(n_pages, sizeof(*pages), GFP_TEMPORARY); 2499 if (!pages) 2500 return NULL; 2501 } 2502 2503 for_each_sgt_page(page, sgt_iter, sgt) 2504 pages[i++] = page; 2505 2506 /* Check that we have the expected number of pages */ 2507 GEM_BUG_ON(i != n_pages); 2508 2509 switch (type) { 2510 case I915_MAP_WB: 2511 pgprot = PAGE_KERNEL; 2512 break; 2513 case I915_MAP_WC: 2514 pgprot = pgprot_writecombine(PAGE_KERNEL_IO); 2515 break; 2516 } 2517 addr = vmap(pages, n_pages, 0, pgprot); 2518 2519 if (pages != stack_pages) 2520 drm_free_large(pages); 2521 2522 return addr; 2523 } 2524 2525 /* get, pin, and map the pages of the object into kernel space */ 2526 void *i915_gem_object_pin_map(struct drm_i915_gem_object *obj, 2527 enum i915_map_type type) 2528 { 2529 enum i915_map_type has_type; 2530 bool pinned; 2531 void *ptr; 2532 int ret; 2533 2534 GEM_BUG_ON(!i915_gem_object_has_struct_page(obj)); 2535 2536 ret = mutex_lock_interruptible(&obj->mm.lock); 2537 if (ret) 2538 return ERR_PTR(ret); 2539 2540 pinned = true; 2541 if (!atomic_inc_not_zero(&obj->mm.pages_pin_count)) { 2542 if (unlikely(IS_ERR_OR_NULL(obj->mm.pages))) { 2543 ret = ____i915_gem_object_get_pages(obj); 2544 if (ret) 2545 goto err_unlock; 2546 2547 smp_mb__before_atomic(); 2548 } 2549 atomic_inc(&obj->mm.pages_pin_count); 2550 pinned = false; 2551 } 2552 GEM_BUG_ON(!obj->mm.pages); 2553 2554 ptr = ptr_unpack_bits(obj->mm.mapping, has_type); 2555 if (ptr && has_type != type) { 2556 if (pinned) { 2557 ret = -EBUSY; 2558 goto err_unpin; 2559 } 2560 2561 if (is_vmalloc_addr(ptr)) 2562 vunmap(ptr); 2563 else 2564 kunmap(kmap_to_page(ptr)); 2565 2566 ptr = obj->mm.mapping = NULL; 2567 } 2568 2569 if (!ptr) { 2570 ptr = i915_gem_object_map(obj, type); 2571 if (!ptr) { 2572 ret = -ENOMEM; 2573 goto err_unpin; 2574 } 2575 2576 obj->mm.mapping = ptr_pack_bits(ptr, type); 2577 } 2578 2579 out_unlock: 2580 mutex_unlock(&obj->mm.lock); 2581 return ptr; 2582 2583 err_unpin: 2584 atomic_dec(&obj->mm.pages_pin_count); 2585 err_unlock: 2586 ptr = ERR_PTR(ret); 2587 goto out_unlock; 2588 } 2589 2590 static int 2591 i915_gem_object_pwrite_gtt(struct drm_i915_gem_object *obj, 2592 const struct drm_i915_gem_pwrite *arg) 2593 { 2594 struct address_space *mapping = obj->base.filp->f_mapping; 2595 char __user *user_data = u64_to_user_ptr(arg->data_ptr); 2596 u64 remain, offset; 2597 unsigned int pg; 2598 2599 /* Before we instantiate/pin the backing store for our use, we 2600 * can prepopulate the shmemfs filp efficiently using a write into 2601 * the pagecache. We avoid the penalty of instantiating all the 2602 * pages, important if the user is just writing to a few and never 2603 * uses the object on the GPU, and using a direct write into shmemfs 2604 * allows it to avoid the cost of retrieving a page (either swapin 2605 * or clearing-before-use) before it is overwritten. 2606 */ 2607 if (READ_ONCE(obj->mm.pages)) 2608 return -ENODEV; 2609 2610 /* Before the pages are instantiated the object is treated as being 2611 * in the CPU domain. The pages will be clflushed as required before 2612 * use, and we can freely write into the pages directly. If userspace 2613 * races pwrite with any other operation; corruption will ensue - 2614 * that is userspace's prerogative! 2615 */ 2616 2617 remain = arg->size; 2618 offset = arg->offset; 2619 pg = offset_in_page(offset); 2620 2621 do { 2622 unsigned int len, unwritten; 2623 struct page *page; 2624 void *data, *vaddr; 2625 int err; 2626 2627 len = PAGE_SIZE - pg; 2628 if (len > remain) 2629 len = remain; 2630 2631 err = pagecache_write_begin(obj->base.filp, mapping, 2632 offset, len, 0, 2633 &page, &data); 2634 if (err < 0) 2635 return err; 2636 2637 vaddr = kmap(page); 2638 unwritten = copy_from_user(vaddr + pg, user_data, len); 2639 kunmap(page); 2640 2641 err = pagecache_write_end(obj->base.filp, mapping, 2642 offset, len, len - unwritten, 2643 page, data); 2644 if (err < 0) 2645 return err; 2646 2647 if (unwritten) 2648 return -EFAULT; 2649 2650 remain -= len; 2651 user_data += len; 2652 offset += len; 2653 pg = 0; 2654 } while (remain); 2655 2656 return 0; 2657 } 2658 2659 static bool ban_context(const struct i915_gem_context *ctx) 2660 { 2661 return (i915_gem_context_is_bannable(ctx) && 2662 ctx->ban_score >= CONTEXT_SCORE_BAN_THRESHOLD); 2663 } 2664 2665 static void i915_gem_context_mark_guilty(struct i915_gem_context *ctx) 2666 { 2667 ctx->guilty_count++; 2668 ctx->ban_score += CONTEXT_SCORE_GUILTY; 2669 if (ban_context(ctx)) 2670 i915_gem_context_set_banned(ctx); 2671 2672 DRM_DEBUG_DRIVER("context %s marked guilty (score %d) banned? %s\n", 2673 ctx->name, ctx->ban_score, 2674 yesno(i915_gem_context_is_banned(ctx))); 2675 2676 if (!i915_gem_context_is_banned(ctx) || IS_ERR_OR_NULL(ctx->file_priv)) 2677 return; 2678 2679 ctx->file_priv->context_bans++; 2680 DRM_DEBUG_DRIVER("client %s has had %d context banned\n", 2681 ctx->name, ctx->file_priv->context_bans); 2682 } 2683 2684 static void i915_gem_context_mark_innocent(struct i915_gem_context *ctx) 2685 { 2686 ctx->active_count++; 2687 } 2688 2689 struct drm_i915_gem_request * 2690 i915_gem_find_active_request(struct intel_engine_cs *engine) 2691 { 2692 struct drm_i915_gem_request *request, *active = NULL; 2693 unsigned long flags; 2694 2695 /* We are called by the error capture and reset at a random 2696 * point in time. In particular, note that neither is crucially 2697 * ordered with an interrupt. After a hang, the GPU is dead and we 2698 * assume that no more writes can happen (we waited long enough for 2699 * all writes that were in transaction to be flushed) - adding an 2700 * extra delay for a recent interrupt is pointless. Hence, we do 2701 * not need an engine->irq_seqno_barrier() before the seqno reads. 2702 */ 2703 spin_lock_irqsave(&engine->timeline->lock, flags); 2704 list_for_each_entry(request, &engine->timeline->requests, link) { 2705 if (__i915_gem_request_completed(request, 2706 request->global_seqno)) 2707 continue; 2708 2709 GEM_BUG_ON(request->engine != engine); 2710 GEM_BUG_ON(test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, 2711 &request->fence.flags)); 2712 2713 active = request; 2714 break; 2715 } 2716 spin_unlock_irqrestore(&engine->timeline->lock, flags); 2717 2718 return active; 2719 } 2720 2721 static bool engine_stalled(struct intel_engine_cs *engine) 2722 { 2723 if (!engine->hangcheck.stalled) 2724 return false; 2725 2726 /* Check for possible seqno movement after hang declaration */ 2727 if (engine->hangcheck.seqno != intel_engine_get_seqno(engine)) { 2728 DRM_DEBUG_DRIVER("%s pardoned\n", engine->name); 2729 return false; 2730 } 2731 2732 return true; 2733 } 2734 2735 int i915_gem_reset_prepare(struct drm_i915_private *dev_priv) 2736 { 2737 struct intel_engine_cs *engine; 2738 enum intel_engine_id id; 2739 int err = 0; 2740 2741 /* Ensure irq handler finishes, and not run again. */ 2742 for_each_engine(engine, dev_priv, id) { 2743 struct drm_i915_gem_request *request; 2744 2745 /* Prevent the signaler thread from updating the request 2746 * state (by calling dma_fence_signal) as we are processing 2747 * the reset. The write from the GPU of the seqno is 2748 * asynchronous and the signaler thread may see a different 2749 * value to us and declare the request complete, even though 2750 * the reset routine have picked that request as the active 2751 * (incomplete) request. This conflict is not handled 2752 * gracefully! 2753 */ 2754 kthread_park(engine->breadcrumbs.signaler); 2755 2756 /* Prevent request submission to the hardware until we have 2757 * completed the reset in i915_gem_reset_finish(). If a request 2758 * is completed by one engine, it may then queue a request 2759 * to a second via its engine->irq_tasklet *just* as we are 2760 * calling engine->init_hw() and also writing the ELSP. 2761 * Turning off the engine->irq_tasklet until the reset is over 2762 * prevents the race. 2763 */ 2764 tasklet_kill(&engine->irq_tasklet); 2765 tasklet_disable(&engine->irq_tasklet); 2766 2767 if (engine->irq_seqno_barrier) 2768 engine->irq_seqno_barrier(engine); 2769 2770 if (engine_stalled(engine)) { 2771 request = i915_gem_find_active_request(engine); 2772 if (request && request->fence.error == -EIO) 2773 err = -EIO; /* Previous reset failed! */ 2774 } 2775 } 2776 2777 i915_gem_revoke_fences(dev_priv); 2778 2779 return err; 2780 } 2781 2782 static void skip_request(struct drm_i915_gem_request *request) 2783 { 2784 void *vaddr = request->ring->vaddr; 2785 u32 head; 2786 2787 /* As this request likely depends on state from the lost 2788 * context, clear out all the user operations leaving the 2789 * breadcrumb at the end (so we get the fence notifications). 2790 */ 2791 head = request->head; 2792 if (request->postfix < head) { 2793 memset(vaddr + head, 0, request->ring->size - head); 2794 head = 0; 2795 } 2796 memset(vaddr + head, 0, request->postfix - head); 2797 2798 dma_fence_set_error(&request->fence, -EIO); 2799 } 2800 2801 static void engine_skip_context(struct drm_i915_gem_request *request) 2802 { 2803 struct intel_engine_cs *engine = request->engine; 2804 struct i915_gem_context *hung_ctx = request->ctx; 2805 struct intel_timeline *timeline; 2806 unsigned long flags; 2807 2808 timeline = i915_gem_context_lookup_timeline(hung_ctx, engine); 2809 2810 spin_lock_irqsave(&engine->timeline->lock, flags); 2811 spin_lock(&timeline->lock); 2812 2813 list_for_each_entry_continue(request, &engine->timeline->requests, link) 2814 if (request->ctx == hung_ctx) 2815 skip_request(request); 2816 2817 list_for_each_entry(request, &timeline->requests, link) 2818 skip_request(request); 2819 2820 spin_unlock(&timeline->lock); 2821 spin_unlock_irqrestore(&engine->timeline->lock, flags); 2822 } 2823 2824 /* Returns true if the request was guilty of hang */ 2825 static bool i915_gem_reset_request(struct drm_i915_gem_request *request) 2826 { 2827 /* Read once and return the resolution */ 2828 const bool guilty = engine_stalled(request->engine); 2829 2830 /* The guilty request will get skipped on a hung engine. 2831 * 2832 * Users of client default contexts do not rely on logical 2833 * state preserved between batches so it is safe to execute 2834 * queued requests following the hang. Non default contexts 2835 * rely on preserved state, so skipping a batch loses the 2836 * evolution of the state and it needs to be considered corrupted. 2837 * Executing more queued batches on top of corrupted state is 2838 * risky. But we take the risk by trying to advance through 2839 * the queued requests in order to make the client behaviour 2840 * more predictable around resets, by not throwing away random 2841 * amount of batches it has prepared for execution. Sophisticated 2842 * clients can use gem_reset_stats_ioctl and dma fence status 2843 * (exported via sync_file info ioctl on explicit fences) to observe 2844 * when it loses the context state and should rebuild accordingly. 2845 * 2846 * The context ban, and ultimately the client ban, mechanism are safety 2847 * valves if client submission ends up resulting in nothing more than 2848 * subsequent hangs. 2849 */ 2850 2851 if (guilty) { 2852 i915_gem_context_mark_guilty(request->ctx); 2853 skip_request(request); 2854 } else { 2855 i915_gem_context_mark_innocent(request->ctx); 2856 dma_fence_set_error(&request->fence, -EAGAIN); 2857 } 2858 2859 return guilty; 2860 } 2861 2862 static void i915_gem_reset_engine(struct intel_engine_cs *engine) 2863 { 2864 struct drm_i915_gem_request *request; 2865 2866 request = i915_gem_find_active_request(engine); 2867 if (request && i915_gem_reset_request(request)) { 2868 DRM_DEBUG_DRIVER("resetting %s to restart from tail of request 0x%x\n", 2869 engine->name, request->global_seqno); 2870 2871 /* If this context is now banned, skip all pending requests. */ 2872 if (i915_gem_context_is_banned(request->ctx)) 2873 engine_skip_context(request); 2874 } 2875 2876 /* Setup the CS to resume from the breadcrumb of the hung request */ 2877 engine->reset_hw(engine, request); 2878 } 2879 2880 void i915_gem_reset(struct drm_i915_private *dev_priv) 2881 { 2882 struct intel_engine_cs *engine; 2883 enum intel_engine_id id; 2884 2885 lockdep_assert_held(&dev_priv->drm.struct_mutex); 2886 2887 i915_gem_retire_requests(dev_priv); 2888 2889 for_each_engine(engine, dev_priv, id) { 2890 struct i915_gem_context *ctx; 2891 2892 i915_gem_reset_engine(engine); 2893 ctx = fetch_and_zero(&engine->last_retired_context); 2894 if (ctx) 2895 engine->context_unpin(engine, ctx); 2896 } 2897 2898 i915_gem_restore_fences(dev_priv); 2899 2900 if (dev_priv->gt.awake) { 2901 intel_sanitize_gt_powersave(dev_priv); 2902 intel_enable_gt_powersave(dev_priv); 2903 if (INTEL_GEN(dev_priv) >= 6) 2904 gen6_rps_busy(dev_priv); 2905 } 2906 } 2907 2908 void i915_gem_reset_finish(struct drm_i915_private *dev_priv) 2909 { 2910 struct intel_engine_cs *engine; 2911 enum intel_engine_id id; 2912 2913 lockdep_assert_held(&dev_priv->drm.struct_mutex); 2914 2915 for_each_engine(engine, dev_priv, id) { 2916 tasklet_enable(&engine->irq_tasklet); 2917 kthread_unpark(engine->breadcrumbs.signaler); 2918 } 2919 } 2920 2921 static void nop_submit_request(struct drm_i915_gem_request *request) 2922 { 2923 dma_fence_set_error(&request->fence, -EIO); 2924 i915_gem_request_submit(request); 2925 intel_engine_init_global_seqno(request->engine, request->global_seqno); 2926 } 2927 2928 static void engine_set_wedged(struct intel_engine_cs *engine) 2929 { 2930 struct drm_i915_gem_request *request; 2931 unsigned long flags; 2932 2933 /* We need to be sure that no thread is running the old callback as 2934 * we install the nop handler (otherwise we would submit a request 2935 * to hardware that will never complete). In order to prevent this 2936 * race, we wait until the machine is idle before making the swap 2937 * (using stop_machine()). 2938 */ 2939 engine->submit_request = nop_submit_request; 2940 2941 /* Mark all executing requests as skipped */ 2942 spin_lock_irqsave(&engine->timeline->lock, flags); 2943 list_for_each_entry(request, &engine->timeline->requests, link) 2944 dma_fence_set_error(&request->fence, -EIO); 2945 spin_unlock_irqrestore(&engine->timeline->lock, flags); 2946 2947 /* Mark all pending requests as complete so that any concurrent 2948 * (lockless) lookup doesn't try and wait upon the request as we 2949 * reset it. 2950 */ 2951 intel_engine_init_global_seqno(engine, 2952 intel_engine_last_submit(engine)); 2953 2954 /* 2955 * Clear the execlists queue up before freeing the requests, as those 2956 * are the ones that keep the context and ringbuffer backing objects 2957 * pinned in place. 2958 */ 2959 2960 if (i915.enable_execlists) { 2961 unsigned long flags; 2962 2963 spin_lock_irqsave(&engine->timeline->lock, flags); 2964 2965 i915_gem_request_put(engine->execlist_port[0].request); 2966 i915_gem_request_put(engine->execlist_port[1].request); 2967 memset(engine->execlist_port, 0, sizeof(engine->execlist_port)); 2968 engine->execlist_queue = RB_ROOT; 2969 engine->execlist_first = NULL; 2970 2971 spin_unlock_irqrestore(&engine->timeline->lock, flags); 2972 } 2973 } 2974 2975 static int __i915_gem_set_wedged_BKL(void *data) 2976 { 2977 struct drm_i915_private *i915 = data; 2978 struct intel_engine_cs *engine; 2979 enum intel_engine_id id; 2980 2981 for_each_engine(engine, i915, id) 2982 engine_set_wedged(engine); 2983 2984 return 0; 2985 } 2986 2987 void i915_gem_set_wedged(struct drm_i915_private *dev_priv) 2988 { 2989 lockdep_assert_held(&dev_priv->drm.struct_mutex); 2990 set_bit(I915_WEDGED, &dev_priv->gpu_error.flags); 2991 2992 stop_machine(__i915_gem_set_wedged_BKL, dev_priv, NULL); 2993 2994 i915_gem_context_lost(dev_priv); 2995 i915_gem_retire_requests(dev_priv); 2996 2997 mod_delayed_work(dev_priv->wq, &dev_priv->gt.idle_work, 0); 2998 } 2999 3000 bool i915_gem_unset_wedged(struct drm_i915_private *i915) 3001 { 3002 struct i915_gem_timeline *tl; 3003 int i; 3004 3005 lockdep_assert_held(&i915->drm.struct_mutex); 3006 if (!test_bit(I915_WEDGED, &i915->gpu_error.flags)) 3007 return true; 3008 3009 /* Before unwedging, make sure that all pending operations 3010 * are flushed and errored out - we may have requests waiting upon 3011 * third party fences. We marked all inflight requests as EIO, and 3012 * every execbuf since returned EIO, for consistency we want all 3013 * the currently pending requests to also be marked as EIO, which 3014 * is done inside our nop_submit_request - and so we must wait. 3015 * 3016 * No more can be submitted until we reset the wedged bit. 3017 */ 3018 list_for_each_entry(tl, &i915->gt.timelines, link) { 3019 for (i = 0; i < ARRAY_SIZE(tl->engine); i++) { 3020 struct drm_i915_gem_request *rq; 3021 3022 rq = i915_gem_active_peek(&tl->engine[i].last_request, 3023 &i915->drm.struct_mutex); 3024 if (!rq) 3025 continue; 3026 3027 /* We can't use our normal waiter as we want to 3028 * avoid recursively trying to handle the current 3029 * reset. The basic dma_fence_default_wait() installs 3030 * a callback for dma_fence_signal(), which is 3031 * triggered by our nop handler (indirectly, the 3032 * callback enables the signaler thread which is 3033 * woken by the nop_submit_request() advancing the seqno 3034 * and when the seqno passes the fence, the signaler 3035 * then signals the fence waking us up). 3036 */ 3037 if (dma_fence_default_wait(&rq->fence, true, 3038 MAX_SCHEDULE_TIMEOUT) < 0) 3039 return false; 3040 } 3041 } 3042 3043 /* Undo nop_submit_request. We prevent all new i915 requests from 3044 * being queued (by disallowing execbuf whilst wedged) so having 3045 * waited for all active requests above, we know the system is idle 3046 * and do not have to worry about a thread being inside 3047 * engine->submit_request() as we swap over. So unlike installing 3048 * the nop_submit_request on reset, we can do this from normal 3049 * context and do not require stop_machine(). 3050 */ 3051 intel_engines_reset_default_submission(i915); 3052 3053 smp_mb__before_atomic(); /* complete takeover before enabling execbuf */ 3054 clear_bit(I915_WEDGED, &i915->gpu_error.flags); 3055 3056 return true; 3057 } 3058 3059 static void 3060 i915_gem_retire_work_handler(struct work_struct *work) 3061 { 3062 struct drm_i915_private *dev_priv = 3063 container_of(work, typeof(*dev_priv), gt.retire_work.work); 3064 struct drm_device *dev = &dev_priv->drm; 3065 3066 /* Come back later if the device is busy... */ 3067 if (mutex_trylock(&dev->struct_mutex)) { 3068 i915_gem_retire_requests(dev_priv); 3069 mutex_unlock(&dev->struct_mutex); 3070 } 3071 3072 /* Keep the retire handler running until we are finally idle. 3073 * We do not need to do this test under locking as in the worst-case 3074 * we queue the retire worker once too often. 3075 */ 3076 if (READ_ONCE(dev_priv->gt.awake)) { 3077 i915_queue_hangcheck(dev_priv); 3078 queue_delayed_work(dev_priv->wq, 3079 &dev_priv->gt.retire_work, 3080 round_jiffies_up_relative(HZ)); 3081 } 3082 } 3083 3084 static void 3085 i915_gem_idle_work_handler(struct work_struct *work) 3086 { 3087 struct drm_i915_private *dev_priv = 3088 container_of(work, typeof(*dev_priv), gt.idle_work.work); 3089 struct drm_device *dev = &dev_priv->drm; 3090 struct intel_engine_cs *engine; 3091 enum intel_engine_id id; 3092 bool rearm_hangcheck; 3093 3094 if (!READ_ONCE(dev_priv->gt.awake)) 3095 return; 3096 3097 /* 3098 * Wait for last execlists context complete, but bail out in case a 3099 * new request is submitted. 3100 */ 3101 wait_for(READ_ONCE(dev_priv->gt.active_requests) || 3102 intel_engines_are_idle(dev_priv), 3103 10); 3104 if (READ_ONCE(dev_priv->gt.active_requests)) 3105 return; 3106 3107 rearm_hangcheck = 3108 cancel_delayed_work_sync(&dev_priv->gpu_error.hangcheck_work); 3109 3110 if (!mutex_trylock(&dev->struct_mutex)) { 3111 /* Currently busy, come back later */ 3112 mod_delayed_work(dev_priv->wq, 3113 &dev_priv->gt.idle_work, 3114 msecs_to_jiffies(50)); 3115 goto out_rearm; 3116 } 3117 3118 /* 3119 * New request retired after this work handler started, extend active 3120 * period until next instance of the work. 3121 */ 3122 if (work_pending(work)) 3123 goto out_unlock; 3124 3125 if (dev_priv->gt.active_requests) 3126 goto out_unlock; 3127 3128 if (wait_for(intel_engines_are_idle(dev_priv), 10)) 3129 DRM_ERROR("Timeout waiting for engines to idle\n"); 3130 3131 for_each_engine(engine, dev_priv, id) { 3132 intel_engine_disarm_breadcrumbs(engine); 3133 i915_gem_batch_pool_fini(&engine->batch_pool); 3134 } 3135 3136 GEM_BUG_ON(!dev_priv->gt.awake); 3137 dev_priv->gt.awake = false; 3138 rearm_hangcheck = false; 3139 3140 if (INTEL_GEN(dev_priv) >= 6) 3141 gen6_rps_idle(dev_priv); 3142 intel_runtime_pm_put(dev_priv); 3143 out_unlock: 3144 mutex_unlock(&dev->struct_mutex); 3145 3146 out_rearm: 3147 if (rearm_hangcheck) { 3148 GEM_BUG_ON(!dev_priv->gt.awake); 3149 i915_queue_hangcheck(dev_priv); 3150 } 3151 } 3152 3153 void i915_gem_close_object(struct drm_gem_object *gem, struct drm_file *file) 3154 { 3155 struct drm_i915_gem_object *obj = to_intel_bo(gem); 3156 struct drm_i915_file_private *fpriv = file->driver_priv; 3157 struct i915_vma *vma, *vn; 3158 3159 mutex_lock(&obj->base.dev->struct_mutex); 3160 list_for_each_entry_safe(vma, vn, &obj->vma_list, obj_link) 3161 if (vma->vm->file == fpriv) 3162 i915_vma_close(vma); 3163 3164 if (i915_gem_object_is_active(obj) && 3165 !i915_gem_object_has_active_reference(obj)) { 3166 i915_gem_object_set_active_reference(obj); 3167 i915_gem_object_get(obj); 3168 } 3169 mutex_unlock(&obj->base.dev->struct_mutex); 3170 } 3171 3172 static unsigned long to_wait_timeout(s64 timeout_ns) 3173 { 3174 if (timeout_ns < 0) 3175 return MAX_SCHEDULE_TIMEOUT; 3176 3177 if (timeout_ns == 0) 3178 return 0; 3179 3180 return nsecs_to_jiffies_timeout(timeout_ns); 3181 } 3182 3183 /** 3184 * i915_gem_wait_ioctl - implements DRM_IOCTL_I915_GEM_WAIT 3185 * @dev: drm device pointer 3186 * @data: ioctl data blob 3187 * @file: drm file pointer 3188 * 3189 * Returns 0 if successful, else an error is returned with the remaining time in 3190 * the timeout parameter. 3191 * -ETIME: object is still busy after timeout 3192 * -ERESTARTSYS: signal interrupted the wait 3193 * -ENONENT: object doesn't exist 3194 * Also possible, but rare: 3195 * -EAGAIN: GPU wedged 3196 * -ENOMEM: damn 3197 * -ENODEV: Internal IRQ fail 3198 * -E?: The add request failed 3199 * 3200 * The wait ioctl with a timeout of 0 reimplements the busy ioctl. With any 3201 * non-zero timeout parameter the wait ioctl will wait for the given number of 3202 * nanoseconds on an object becoming unbusy. Since the wait itself does so 3203 * without holding struct_mutex the object may become re-busied before this 3204 * function completes. A similar but shorter * race condition exists in the busy 3205 * ioctl 3206 */ 3207 int 3208 i915_gem_wait_ioctl(struct drm_device *dev, void *data, struct drm_file *file) 3209 { 3210 struct drm_i915_gem_wait *args = data; 3211 struct drm_i915_gem_object *obj; 3212 ktime_t start; 3213 long ret; 3214 3215 if (args->flags != 0) 3216 return -EINVAL; 3217 3218 obj = i915_gem_object_lookup(file, args->bo_handle); 3219 if (!obj) 3220 return -ENOENT; 3221 3222 start = ktime_get(); 3223 3224 ret = i915_gem_object_wait(obj, 3225 I915_WAIT_INTERRUPTIBLE | I915_WAIT_ALL, 3226 to_wait_timeout(args->timeout_ns), 3227 to_rps_client(file)); 3228 3229 if (args->timeout_ns > 0) { 3230 args->timeout_ns -= ktime_to_ns(ktime_sub(ktime_get(), start)); 3231 if (args->timeout_ns < 0) 3232 args->timeout_ns = 0; 3233 3234 /* 3235 * Apparently ktime isn't accurate enough and occasionally has a 3236 * bit of mismatch in the jiffies<->nsecs<->ktime loop. So patch 3237 * things up to make the test happy. We allow up to 1 jiffy. 3238 * 3239 * This is a regression from the timespec->ktime conversion. 3240 */ 3241 if (ret == -ETIME && !nsecs_to_jiffies(args->timeout_ns)) 3242 args->timeout_ns = 0; 3243 } 3244 3245 i915_gem_object_put(obj); 3246 return ret; 3247 } 3248 3249 static int wait_for_timeline(struct i915_gem_timeline *tl, unsigned int flags) 3250 { 3251 int ret, i; 3252 3253 for (i = 0; i < ARRAY_SIZE(tl->engine); i++) { 3254 ret = i915_gem_active_wait(&tl->engine[i].last_request, flags); 3255 if (ret) 3256 return ret; 3257 } 3258 3259 return 0; 3260 } 3261 3262 int i915_gem_wait_for_idle(struct drm_i915_private *i915, unsigned int flags) 3263 { 3264 int ret; 3265 3266 if (flags & I915_WAIT_LOCKED) { 3267 struct i915_gem_timeline *tl; 3268 3269 lockdep_assert_held(&i915->drm.struct_mutex); 3270 3271 list_for_each_entry(tl, &i915->gt.timelines, link) { 3272 ret = wait_for_timeline(tl, flags); 3273 if (ret) 3274 return ret; 3275 } 3276 } else { 3277 ret = wait_for_timeline(&i915->gt.global_timeline, flags); 3278 if (ret) 3279 return ret; 3280 } 3281 3282 return 0; 3283 } 3284 3285 /** Flushes the GTT write domain for the object if it's dirty. */ 3286 static void 3287 i915_gem_object_flush_gtt_write_domain(struct drm_i915_gem_object *obj) 3288 { 3289 struct drm_i915_private *dev_priv = to_i915(obj->base.dev); 3290 3291 if (obj->base.write_domain != I915_GEM_DOMAIN_GTT) 3292 return; 3293 3294 /* No actual flushing is required for the GTT write domain. Writes 3295 * to it "immediately" go to main memory as far as we know, so there's 3296 * no chipset flush. It also doesn't land in render cache. 3297 * 3298 * However, we do have to enforce the order so that all writes through 3299 * the GTT land before any writes to the device, such as updates to 3300 * the GATT itself. 3301 * 3302 * We also have to wait a bit for the writes to land from the GTT. 3303 * An uncached read (i.e. mmio) seems to be ideal for the round-trip 3304 * timing. This issue has only been observed when switching quickly 3305 * between GTT writes and CPU reads from inside the kernel on recent hw, 3306 * and it appears to only affect discrete GTT blocks (i.e. on LLC 3307 * system agents we cannot reproduce this behaviour). 3308 */ 3309 wmb(); 3310 if (INTEL_GEN(dev_priv) >= 6 && !HAS_LLC(dev_priv)) 3311 POSTING_READ(RING_ACTHD(dev_priv->engine[RCS]->mmio_base)); 3312 3313 intel_fb_obj_flush(obj, write_origin(obj, I915_GEM_DOMAIN_GTT)); 3314 3315 obj->base.write_domain = 0; 3316 } 3317 3318 /** Flushes the CPU write domain for the object if it's dirty. */ 3319 static void 3320 i915_gem_object_flush_cpu_write_domain(struct drm_i915_gem_object *obj) 3321 { 3322 if (obj->base.write_domain != I915_GEM_DOMAIN_CPU) 3323 return; 3324 3325 i915_gem_clflush_object(obj, I915_CLFLUSH_SYNC); 3326 obj->base.write_domain = 0; 3327 } 3328 3329 static void __i915_gem_object_flush_for_display(struct drm_i915_gem_object *obj) 3330 { 3331 if (obj->base.write_domain != I915_GEM_DOMAIN_CPU && !obj->cache_dirty) 3332 return; 3333 3334 i915_gem_clflush_object(obj, I915_CLFLUSH_FORCE); 3335 obj->base.write_domain = 0; 3336 } 3337 3338 void i915_gem_object_flush_if_display(struct drm_i915_gem_object *obj) 3339 { 3340 if (!READ_ONCE(obj->pin_display)) 3341 return; 3342 3343 mutex_lock(&obj->base.dev->struct_mutex); 3344 __i915_gem_object_flush_for_display(obj); 3345 mutex_unlock(&obj->base.dev->struct_mutex); 3346 } 3347 3348 /** 3349 * Moves a single object to the GTT read, and possibly write domain. 3350 * @obj: object to act on 3351 * @write: ask for write access or read only 3352 * 3353 * This function returns when the move is complete, including waiting on 3354 * flushes to occur. 3355 */ 3356 int 3357 i915_gem_object_set_to_gtt_domain(struct drm_i915_gem_object *obj, bool write) 3358 { 3359 int ret; 3360 3361 lockdep_assert_held(&obj->base.dev->struct_mutex); 3362 3363 ret = i915_gem_object_wait(obj, 3364 I915_WAIT_INTERRUPTIBLE | 3365 I915_WAIT_LOCKED | 3366 (write ? I915_WAIT_ALL : 0), 3367 MAX_SCHEDULE_TIMEOUT, 3368 NULL); 3369 if (ret) 3370 return ret; 3371 3372 if (obj->base.write_domain == I915_GEM_DOMAIN_GTT) 3373 return 0; 3374 3375 /* Flush and acquire obj->pages so that we are coherent through 3376 * direct access in memory with previous cached writes through 3377 * shmemfs and that our cache domain tracking remains valid. 3378 * For example, if the obj->filp was moved to swap without us 3379 * being notified and releasing the pages, we would mistakenly 3380 * continue to assume that the obj remained out of the CPU cached 3381 * domain. 3382 */ 3383 ret = i915_gem_object_pin_pages(obj); 3384 if (ret) 3385 return ret; 3386 3387 i915_gem_object_flush_cpu_write_domain(obj); 3388 3389 /* Serialise direct access to this object with the barriers for 3390 * coherent writes from the GPU, by effectively invalidating the 3391 * GTT domain upon first access. 3392 */ 3393 if ((obj->base.read_domains & I915_GEM_DOMAIN_GTT) == 0) 3394 mb(); 3395 3396 /* It should now be out of any other write domains, and we can update 3397 * the domain values for our changes. 3398 */ 3399 GEM_BUG_ON((obj->base.write_domain & ~I915_GEM_DOMAIN_GTT) != 0); 3400 obj->base.read_domains |= I915_GEM_DOMAIN_GTT; 3401 if (write) { 3402 obj->base.read_domains = I915_GEM_DOMAIN_GTT; 3403 obj->base.write_domain = I915_GEM_DOMAIN_GTT; 3404 obj->mm.dirty = true; 3405 } 3406 3407 i915_gem_object_unpin_pages(obj); 3408 return 0; 3409 } 3410 3411 /** 3412 * Changes the cache-level of an object across all VMA. 3413 * @obj: object to act on 3414 * @cache_level: new cache level to set for the object 3415 * 3416 * After this function returns, the object will be in the new cache-level 3417 * across all GTT and the contents of the backing storage will be coherent, 3418 * with respect to the new cache-level. In order to keep the backing storage 3419 * coherent for all users, we only allow a single cache level to be set 3420 * globally on the object and prevent it from being changed whilst the 3421 * hardware is reading from the object. That is if the object is currently 3422 * on the scanout it will be set to uncached (or equivalent display 3423 * cache coherency) and all non-MOCS GPU access will also be uncached so 3424 * that all direct access to the scanout remains coherent. 3425 */ 3426 int i915_gem_object_set_cache_level(struct drm_i915_gem_object *obj, 3427 enum i915_cache_level cache_level) 3428 { 3429 struct i915_vma *vma; 3430 int ret; 3431 3432 lockdep_assert_held(&obj->base.dev->struct_mutex); 3433 3434 if (obj->cache_level == cache_level) 3435 return 0; 3436 3437 /* Inspect the list of currently bound VMA and unbind any that would 3438 * be invalid given the new cache-level. This is principally to 3439 * catch the issue of the CS prefetch crossing page boundaries and 3440 * reading an invalid PTE on older architectures. 3441 */ 3442 restart: 3443 list_for_each_entry(vma, &obj->vma_list, obj_link) { 3444 if (!drm_mm_node_allocated(&vma->node)) 3445 continue; 3446 3447 if (i915_vma_is_pinned(vma)) { 3448 DRM_DEBUG("can not change the cache level of pinned objects\n"); 3449 return -EBUSY; 3450 } 3451 3452 if (i915_gem_valid_gtt_space(vma, cache_level)) 3453 continue; 3454 3455 ret = i915_vma_unbind(vma); 3456 if (ret) 3457 return ret; 3458 3459 /* As unbinding may affect other elements in the 3460 * obj->vma_list (due to side-effects from retiring 3461 * an active vma), play safe and restart the iterator. 3462 */ 3463 goto restart; 3464 } 3465 3466 /* We can reuse the existing drm_mm nodes but need to change the 3467 * cache-level on the PTE. We could simply unbind them all and 3468 * rebind with the correct cache-level on next use. However since 3469 * we already have a valid slot, dma mapping, pages etc, we may as 3470 * rewrite the PTE in the belief that doing so tramples upon less 3471 * state and so involves less work. 3472 */ 3473 if (obj->bind_count) { 3474 /* Before we change the PTE, the GPU must not be accessing it. 3475 * If we wait upon the object, we know that all the bound 3476 * VMA are no longer active. 3477 */ 3478 ret = i915_gem_object_wait(obj, 3479 I915_WAIT_INTERRUPTIBLE | 3480 I915_WAIT_LOCKED | 3481 I915_WAIT_ALL, 3482 MAX_SCHEDULE_TIMEOUT, 3483 NULL); 3484 if (ret) 3485 return ret; 3486 3487 if (!HAS_LLC(to_i915(obj->base.dev)) && 3488 cache_level != I915_CACHE_NONE) { 3489 /* Access to snoopable pages through the GTT is 3490 * incoherent and on some machines causes a hard 3491 * lockup. Relinquish the CPU mmaping to force 3492 * userspace to refault in the pages and we can 3493 * then double check if the GTT mapping is still 3494 * valid for that pointer access. 3495 */ 3496 i915_gem_release_mmap(obj); 3497 3498 /* As we no longer need a fence for GTT access, 3499 * we can relinquish it now (and so prevent having 3500 * to steal a fence from someone else on the next 3501 * fence request). Note GPU activity would have 3502 * dropped the fence as all snoopable access is 3503 * supposed to be linear. 3504 */ 3505 list_for_each_entry(vma, &obj->vma_list, obj_link) { 3506 ret = i915_vma_put_fence(vma); 3507 if (ret) 3508 return ret; 3509 } 3510 } else { 3511 /* We either have incoherent backing store and 3512 * so no GTT access or the architecture is fully 3513 * coherent. In such cases, existing GTT mmaps 3514 * ignore the cache bit in the PTE and we can 3515 * rewrite it without confusing the GPU or having 3516 * to force userspace to fault back in its mmaps. 3517 */ 3518 } 3519 3520 list_for_each_entry(vma, &obj->vma_list, obj_link) { 3521 if (!drm_mm_node_allocated(&vma->node)) 3522 continue; 3523 3524 ret = i915_vma_bind(vma, cache_level, PIN_UPDATE); 3525 if (ret) 3526 return ret; 3527 } 3528 } 3529 3530 if (obj->base.write_domain == I915_GEM_DOMAIN_CPU && 3531 i915_gem_object_is_coherent(obj)) 3532 obj->cache_dirty = true; 3533 3534 list_for_each_entry(vma, &obj->vma_list, obj_link) 3535 vma->node.color = cache_level; 3536 obj->cache_level = cache_level; 3537 3538 return 0; 3539 } 3540 3541 int i915_gem_get_caching_ioctl(struct drm_device *dev, void *data, 3542 struct drm_file *file) 3543 { 3544 struct drm_i915_gem_caching *args = data; 3545 struct drm_i915_gem_object *obj; 3546 int err = 0; 3547 3548 rcu_read_lock(); 3549 obj = i915_gem_object_lookup_rcu(file, args->handle); 3550 if (!obj) { 3551 err = -ENOENT; 3552 goto out; 3553 } 3554 3555 switch (obj->cache_level) { 3556 case I915_CACHE_LLC: 3557 case I915_CACHE_L3_LLC: 3558 args->caching = I915_CACHING_CACHED; 3559 break; 3560 3561 case I915_CACHE_WT: 3562 args->caching = I915_CACHING_DISPLAY; 3563 break; 3564 3565 default: 3566 args->caching = I915_CACHING_NONE; 3567 break; 3568 } 3569 out: 3570 rcu_read_unlock(); 3571 return err; 3572 } 3573 3574 int i915_gem_set_caching_ioctl(struct drm_device *dev, void *data, 3575 struct drm_file *file) 3576 { 3577 struct drm_i915_private *i915 = to_i915(dev); 3578 struct drm_i915_gem_caching *args = data; 3579 struct drm_i915_gem_object *obj; 3580 enum i915_cache_level level; 3581 int ret = 0; 3582 3583 switch (args->caching) { 3584 case I915_CACHING_NONE: 3585 level = I915_CACHE_NONE; 3586 break; 3587 case I915_CACHING_CACHED: 3588 /* 3589 * Due to a HW issue on BXT A stepping, GPU stores via a 3590 * snooped mapping may leave stale data in a corresponding CPU 3591 * cacheline, whereas normally such cachelines would get 3592 * invalidated. 3593 */ 3594 if (!HAS_LLC(i915) && !HAS_SNOOP(i915)) 3595 return -ENODEV; 3596 3597 level = I915_CACHE_LLC; 3598 break; 3599 case I915_CACHING_DISPLAY: 3600 level = HAS_WT(i915) ? I915_CACHE_WT : I915_CACHE_NONE; 3601 break; 3602 default: 3603 return -EINVAL; 3604 } 3605 3606 obj = i915_gem_object_lookup(file, args->handle); 3607 if (!obj) 3608 return -ENOENT; 3609 3610 if (obj->cache_level == level) 3611 goto out; 3612 3613 ret = i915_gem_object_wait(obj, 3614 I915_WAIT_INTERRUPTIBLE, 3615 MAX_SCHEDULE_TIMEOUT, 3616 to_rps_client(file)); 3617 if (ret) 3618 goto out; 3619 3620 ret = i915_mutex_lock_interruptible(dev); 3621 if (ret) 3622 goto out; 3623 3624 ret = i915_gem_object_set_cache_level(obj, level); 3625 mutex_unlock(&dev->struct_mutex); 3626 3627 out: 3628 i915_gem_object_put(obj); 3629 return ret; 3630 } 3631 3632 /* 3633 * Prepare buffer for display plane (scanout, cursors, etc). 3634 * Can be called from an uninterruptible phase (modesetting) and allows 3635 * any flushes to be pipelined (for pageflips). 3636 */ 3637 struct i915_vma * 3638 i915_gem_object_pin_to_display_plane(struct drm_i915_gem_object *obj, 3639 u32 alignment, 3640 const struct i915_ggtt_view *view) 3641 { 3642 struct i915_vma *vma; 3643 int ret; 3644 3645 lockdep_assert_held(&obj->base.dev->struct_mutex); 3646 3647 /* Mark the pin_display early so that we account for the 3648 * display coherency whilst setting up the cache domains. 3649 */ 3650 obj->pin_display++; 3651 3652 /* The display engine is not coherent with the LLC cache on gen6. As 3653 * a result, we make sure that the pinning that is about to occur is 3654 * done with uncached PTEs. This is lowest common denominator for all 3655 * chipsets. 3656 * 3657 * However for gen6+, we could do better by using the GFDT bit instead 3658 * of uncaching, which would allow us to flush all the LLC-cached data 3659 * with that bit in the PTE to main memory with just one PIPE_CONTROL. 3660 */ 3661 ret = i915_gem_object_set_cache_level(obj, 3662 HAS_WT(to_i915(obj->base.dev)) ? 3663 I915_CACHE_WT : I915_CACHE_NONE); 3664 if (ret) { 3665 vma = ERR_PTR(ret); 3666 goto err_unpin_display; 3667 } 3668 3669 /* As the user may map the buffer once pinned in the display plane 3670 * (e.g. libkms for the bootup splash), we have to ensure that we 3671 * always use map_and_fenceable for all scanout buffers. However, 3672 * it may simply be too big to fit into mappable, in which case 3673 * put it anyway and hope that userspace can cope (but always first 3674 * try to preserve the existing ABI). 3675 */ 3676 vma = ERR_PTR(-ENOSPC); 3677 if (!view || view->type == I915_GGTT_VIEW_NORMAL) 3678 vma = i915_gem_object_ggtt_pin(obj, view, 0, alignment, 3679 PIN_MAPPABLE | PIN_NONBLOCK); 3680 if (IS_ERR(vma)) { 3681 struct drm_i915_private *i915 = to_i915(obj->base.dev); 3682 unsigned int flags; 3683 3684 /* Valleyview is definitely limited to scanning out the first 3685 * 512MiB. Lets presume this behaviour was inherited from the 3686 * g4x display engine and that all earlier gen are similarly 3687 * limited. Testing suggests that it is a little more 3688 * complicated than this. For example, Cherryview appears quite 3689 * happy to scanout from anywhere within its global aperture. 3690 */ 3691 flags = 0; 3692 if (HAS_GMCH_DISPLAY(i915)) 3693 flags = PIN_MAPPABLE; 3694 vma = i915_gem_object_ggtt_pin(obj, view, 0, alignment, flags); 3695 } 3696 if (IS_ERR(vma)) 3697 goto err_unpin_display; 3698 3699 vma->display_alignment = max_t(u64, vma->display_alignment, alignment); 3700 3701 /* Treat this as an end-of-frame, like intel_user_framebuffer_dirty() */ 3702 __i915_gem_object_flush_for_display(obj); 3703 intel_fb_obj_flush(obj, ORIGIN_DIRTYFB); 3704 3705 /* It should now be out of any other write domains, and we can update 3706 * the domain values for our changes. 3707 */ 3708 obj->base.read_domains |= I915_GEM_DOMAIN_GTT; 3709 3710 return vma; 3711 3712 err_unpin_display: 3713 obj->pin_display--; 3714 return vma; 3715 } 3716 3717 void 3718 i915_gem_object_unpin_from_display_plane(struct i915_vma *vma) 3719 { 3720 lockdep_assert_held(&vma->vm->i915->drm.struct_mutex); 3721 3722 if (WARN_ON(vma->obj->pin_display == 0)) 3723 return; 3724 3725 if (--vma->obj->pin_display == 0) 3726 vma->display_alignment = I915_GTT_MIN_ALIGNMENT; 3727 3728 /* Bump the LRU to try and avoid premature eviction whilst flipping */ 3729 i915_gem_object_bump_inactive_ggtt(vma->obj); 3730 3731 i915_vma_unpin(vma); 3732 } 3733 3734 /** 3735 * Moves a single object to the CPU read, and possibly write domain. 3736 * @obj: object to act on 3737 * @write: requesting write or read-only access 3738 * 3739 * This function returns when the move is complete, including waiting on 3740 * flushes to occur. 3741 */ 3742 int 3743 i915_gem_object_set_to_cpu_domain(struct drm_i915_gem_object *obj, bool write) 3744 { 3745 int ret; 3746 3747 lockdep_assert_held(&obj->base.dev->struct_mutex); 3748 3749 ret = i915_gem_object_wait(obj, 3750 I915_WAIT_INTERRUPTIBLE | 3751 I915_WAIT_LOCKED | 3752 (write ? I915_WAIT_ALL : 0), 3753 MAX_SCHEDULE_TIMEOUT, 3754 NULL); 3755 if (ret) 3756 return ret; 3757 3758 if (obj->base.write_domain == I915_GEM_DOMAIN_CPU) 3759 return 0; 3760 3761 i915_gem_object_flush_gtt_write_domain(obj); 3762 3763 /* Flush the CPU cache if it's still invalid. */ 3764 if ((obj->base.read_domains & I915_GEM_DOMAIN_CPU) == 0) { 3765 i915_gem_clflush_object(obj, I915_CLFLUSH_SYNC); 3766 obj->base.read_domains |= I915_GEM_DOMAIN_CPU; 3767 } 3768 3769 /* It should now be out of any other write domains, and we can update 3770 * the domain values for our changes. 3771 */ 3772 GEM_BUG_ON((obj->base.write_domain & ~I915_GEM_DOMAIN_CPU) != 0); 3773 3774 /* If we're writing through the CPU, then the GPU read domains will 3775 * need to be invalidated at next use. 3776 */ 3777 if (write) { 3778 obj->base.read_domains = I915_GEM_DOMAIN_CPU; 3779 obj->base.write_domain = I915_GEM_DOMAIN_CPU; 3780 } 3781 3782 return 0; 3783 } 3784 3785 /* Throttle our rendering by waiting until the ring has completed our requests 3786 * emitted over 20 msec ago. 3787 * 3788 * Note that if we were to use the current jiffies each time around the loop, 3789 * we wouldn't escape the function with any frames outstanding if the time to 3790 * render a frame was over 20ms. 3791 * 3792 * This should get us reasonable parallelism between CPU and GPU but also 3793 * relatively low latency when blocking on a particular request to finish. 3794 */ 3795 static int 3796 i915_gem_ring_throttle(struct drm_device *dev, struct drm_file *file) 3797 { 3798 struct drm_i915_private *dev_priv = to_i915(dev); 3799 struct drm_i915_file_private *file_priv = file->driver_priv; 3800 unsigned long recent_enough = jiffies - DRM_I915_THROTTLE_JIFFIES; 3801 struct drm_i915_gem_request *request, *target = NULL; 3802 long ret; 3803 3804 /* ABI: return -EIO if already wedged */ 3805 if (i915_terminally_wedged(&dev_priv->gpu_error)) 3806 return -EIO; 3807 3808 spin_lock(&file_priv->mm.lock); 3809 list_for_each_entry(request, &file_priv->mm.request_list, client_link) { 3810 if (time_after_eq(request->emitted_jiffies, recent_enough)) 3811 break; 3812 3813 if (target) { 3814 list_del(&target->client_link); 3815 target->file_priv = NULL; 3816 } 3817 3818 target = request; 3819 } 3820 if (target) 3821 i915_gem_request_get(target); 3822 spin_unlock(&file_priv->mm.lock); 3823 3824 if (target == NULL) 3825 return 0; 3826 3827 ret = i915_wait_request(target, 3828 I915_WAIT_INTERRUPTIBLE, 3829 MAX_SCHEDULE_TIMEOUT); 3830 i915_gem_request_put(target); 3831 3832 return ret < 0 ? ret : 0; 3833 } 3834 3835 struct i915_vma * 3836 i915_gem_object_ggtt_pin(struct drm_i915_gem_object *obj, 3837 const struct i915_ggtt_view *view, 3838 u64 size, 3839 u64 alignment, 3840 u64 flags) 3841 { 3842 struct drm_i915_private *dev_priv = to_i915(obj->base.dev); 3843 struct i915_address_space *vm = &dev_priv->ggtt.base; 3844 struct i915_vma *vma; 3845 int ret; 3846 3847 lockdep_assert_held(&obj->base.dev->struct_mutex); 3848 3849 vma = i915_vma_instance(obj, vm, view); 3850 if (unlikely(IS_ERR(vma))) 3851 return vma; 3852 3853 if (i915_vma_misplaced(vma, size, alignment, flags)) { 3854 if (flags & PIN_NONBLOCK && 3855 (i915_vma_is_pinned(vma) || i915_vma_is_active(vma))) 3856 return ERR_PTR(-ENOSPC); 3857 3858 if (flags & PIN_MAPPABLE) { 3859 /* If the required space is larger than the available 3860 * aperture, we will not able to find a slot for the 3861 * object and unbinding the object now will be in 3862 * vain. Worse, doing so may cause us to ping-pong 3863 * the object in and out of the Global GTT and 3864 * waste a lot of cycles under the mutex. 3865 */ 3866 if (vma->fence_size > dev_priv->ggtt.mappable_end) 3867 return ERR_PTR(-E2BIG); 3868 3869 /* If NONBLOCK is set the caller is optimistically 3870 * trying to cache the full object within the mappable 3871 * aperture, and *must* have a fallback in place for 3872 * situations where we cannot bind the object. We 3873 * can be a little more lax here and use the fallback 3874 * more often to avoid costly migrations of ourselves 3875 * and other objects within the aperture. 3876 * 3877 * Half-the-aperture is used as a simple heuristic. 3878 * More interesting would to do search for a free 3879 * block prior to making the commitment to unbind. 3880 * That caters for the self-harm case, and with a 3881 * little more heuristics (e.g. NOFAULT, NOEVICT) 3882 * we could try to minimise harm to others. 3883 */ 3884 if (flags & PIN_NONBLOCK && 3885 vma->fence_size > dev_priv->ggtt.mappable_end / 2) 3886 return ERR_PTR(-ENOSPC); 3887 } 3888 3889 WARN(i915_vma_is_pinned(vma), 3890 "bo is already pinned in ggtt with incorrect alignment:" 3891 " offset=%08x, req.alignment=%llx," 3892 " req.map_and_fenceable=%d, vma->map_and_fenceable=%d\n", 3893 i915_ggtt_offset(vma), alignment, 3894 !!(flags & PIN_MAPPABLE), 3895 i915_vma_is_map_and_fenceable(vma)); 3896 ret = i915_vma_unbind(vma); 3897 if (ret) 3898 return ERR_PTR(ret); 3899 } 3900 3901 ret = i915_vma_pin(vma, size, alignment, flags | PIN_GLOBAL); 3902 if (ret) 3903 return ERR_PTR(ret); 3904 3905 return vma; 3906 } 3907 3908 static __always_inline unsigned int __busy_read_flag(unsigned int id) 3909 { 3910 /* Note that we could alias engines in the execbuf API, but 3911 * that would be very unwise as it prevents userspace from 3912 * fine control over engine selection. Ahem. 3913 * 3914 * This should be something like EXEC_MAX_ENGINE instead of 3915 * I915_NUM_ENGINES. 3916 */ 3917 BUILD_BUG_ON(I915_NUM_ENGINES > 16); 3918 return 0x10000 << id; 3919 } 3920 3921 static __always_inline unsigned int __busy_write_id(unsigned int id) 3922 { 3923 /* The uABI guarantees an active writer is also amongst the read 3924 * engines. This would be true if we accessed the activity tracking 3925 * under the lock, but as we perform the lookup of the object and 3926 * its activity locklessly we can not guarantee that the last_write 3927 * being active implies that we have set the same engine flag from 3928 * last_read - hence we always set both read and write busy for 3929 * last_write. 3930 */ 3931 return id | __busy_read_flag(id); 3932 } 3933 3934 static __always_inline unsigned int 3935 __busy_set_if_active(const struct dma_fence *fence, 3936 unsigned int (*flag)(unsigned int id)) 3937 { 3938 struct drm_i915_gem_request *rq; 3939 3940 /* We have to check the current hw status of the fence as the uABI 3941 * guarantees forward progress. We could rely on the idle worker 3942 * to eventually flush us, but to minimise latency just ask the 3943 * hardware. 3944 * 3945 * Note we only report on the status of native fences. 3946 */ 3947 if (!dma_fence_is_i915(fence)) 3948 return 0; 3949 3950 /* opencode to_request() in order to avoid const warnings */ 3951 rq = container_of(fence, struct drm_i915_gem_request, fence); 3952 if (i915_gem_request_completed(rq)) 3953 return 0; 3954 3955 return flag(rq->engine->exec_id); 3956 } 3957 3958 static __always_inline unsigned int 3959 busy_check_reader(const struct dma_fence *fence) 3960 { 3961 return __busy_set_if_active(fence, __busy_read_flag); 3962 } 3963 3964 static __always_inline unsigned int 3965 busy_check_writer(const struct dma_fence *fence) 3966 { 3967 if (!fence) 3968 return 0; 3969 3970 return __busy_set_if_active(fence, __busy_write_id); 3971 } 3972 3973 int 3974 i915_gem_busy_ioctl(struct drm_device *dev, void *data, 3975 struct drm_file *file) 3976 { 3977 struct drm_i915_gem_busy *args = data; 3978 struct drm_i915_gem_object *obj; 3979 struct reservation_object_list *list; 3980 unsigned int seq; 3981 int err; 3982 3983 err = -ENOENT; 3984 rcu_read_lock(); 3985 obj = i915_gem_object_lookup_rcu(file, args->handle); 3986 if (!obj) 3987 goto out; 3988 3989 /* A discrepancy here is that we do not report the status of 3990 * non-i915 fences, i.e. even though we may report the object as idle, 3991 * a call to set-domain may still stall waiting for foreign rendering. 3992 * This also means that wait-ioctl may report an object as busy, 3993 * where busy-ioctl considers it idle. 3994 * 3995 * We trade the ability to warn of foreign fences to report on which 3996 * i915 engines are active for the object. 3997 * 3998 * Alternatively, we can trade that extra information on read/write 3999 * activity with 4000 * args->busy = 4001 * !reservation_object_test_signaled_rcu(obj->resv, true); 4002 * to report the overall busyness. This is what the wait-ioctl does. 4003 * 4004 */ 4005 retry: 4006 seq = raw_read_seqcount(&obj->resv->seq); 4007 4008 /* Translate the exclusive fence to the READ *and* WRITE engine */ 4009 args->busy = busy_check_writer(rcu_dereference(obj->resv->fence_excl)); 4010 4011 /* Translate shared fences to READ set of engines */ 4012 list = rcu_dereference(obj->resv->fence); 4013 if (list) { 4014 unsigned int shared_count = list->shared_count, i; 4015 4016 for (i = 0; i < shared_count; ++i) { 4017 struct dma_fence *fence = 4018 rcu_dereference(list->shared[i]); 4019 4020 args->busy |= busy_check_reader(fence); 4021 } 4022 } 4023 4024 if (args->busy && read_seqcount_retry(&obj->resv->seq, seq)) 4025 goto retry; 4026 4027 err = 0; 4028 out: 4029 rcu_read_unlock(); 4030 return err; 4031 } 4032 4033 int 4034 i915_gem_throttle_ioctl(struct drm_device *dev, void *data, 4035 struct drm_file *file_priv) 4036 { 4037 return i915_gem_ring_throttle(dev, file_priv); 4038 } 4039 4040 int 4041 i915_gem_madvise_ioctl(struct drm_device *dev, void *data, 4042 struct drm_file *file_priv) 4043 { 4044 struct drm_i915_private *dev_priv = to_i915(dev); 4045 struct drm_i915_gem_madvise *args = data; 4046 struct drm_i915_gem_object *obj; 4047 int err; 4048 4049 switch (args->madv) { 4050 case I915_MADV_DONTNEED: 4051 case I915_MADV_WILLNEED: 4052 break; 4053 default: 4054 return -EINVAL; 4055 } 4056 4057 obj = i915_gem_object_lookup(file_priv, args->handle); 4058 if (!obj) 4059 return -ENOENT; 4060 4061 err = mutex_lock_interruptible(&obj->mm.lock); 4062 if (err) 4063 goto out; 4064 4065 if (obj->mm.pages && 4066 i915_gem_object_is_tiled(obj) && 4067 dev_priv->quirks & QUIRK_PIN_SWIZZLED_PAGES) { 4068 if (obj->mm.madv == I915_MADV_WILLNEED) { 4069 GEM_BUG_ON(!obj->mm.quirked); 4070 __i915_gem_object_unpin_pages(obj); 4071 obj->mm.quirked = false; 4072 } 4073 if (args->madv == I915_MADV_WILLNEED) { 4074 GEM_BUG_ON(obj->mm.quirked); 4075 __i915_gem_object_pin_pages(obj); 4076 obj->mm.quirked = true; 4077 } 4078 } 4079 4080 if (obj->mm.madv != __I915_MADV_PURGED) 4081 obj->mm.madv = args->madv; 4082 4083 /* if the object is no longer attached, discard its backing storage */ 4084 if (obj->mm.madv == I915_MADV_DONTNEED && !obj->mm.pages) 4085 i915_gem_object_truncate(obj); 4086 4087 args->retained = obj->mm.madv != __I915_MADV_PURGED; 4088 mutex_unlock(&obj->mm.lock); 4089 4090 out: 4091 i915_gem_object_put(obj); 4092 return err; 4093 } 4094 4095 static void 4096 frontbuffer_retire(struct i915_gem_active *active, 4097 struct drm_i915_gem_request *request) 4098 { 4099 struct drm_i915_gem_object *obj = 4100 container_of(active, typeof(*obj), frontbuffer_write); 4101 4102 intel_fb_obj_flush(obj, ORIGIN_CS); 4103 } 4104 4105 void i915_gem_object_init(struct drm_i915_gem_object *obj, 4106 const struct drm_i915_gem_object_ops *ops) 4107 { 4108 mutex_init(&obj->mm.lock); 4109 4110 INIT_LIST_HEAD(&obj->global_link); 4111 INIT_LIST_HEAD(&obj->userfault_link); 4112 INIT_LIST_HEAD(&obj->obj_exec_link); 4113 INIT_LIST_HEAD(&obj->vma_list); 4114 INIT_LIST_HEAD(&obj->batch_pool_link); 4115 4116 obj->ops = ops; 4117 4118 reservation_object_init(&obj->__builtin_resv); 4119 obj->resv = &obj->__builtin_resv; 4120 4121 obj->frontbuffer_ggtt_origin = ORIGIN_GTT; 4122 init_request_active(&obj->frontbuffer_write, frontbuffer_retire); 4123 4124 obj->mm.madv = I915_MADV_WILLNEED; 4125 INIT_RADIX_TREE(&obj->mm.get_page.radix, GFP_KERNEL | __GFP_NOWARN); 4126 mutex_init(&obj->mm.get_page.lock); 4127 4128 i915_gem_info_add_obj(to_i915(obj->base.dev), obj->base.size); 4129 } 4130 4131 static const struct drm_i915_gem_object_ops i915_gem_object_ops = { 4132 .flags = I915_GEM_OBJECT_HAS_STRUCT_PAGE | 4133 I915_GEM_OBJECT_IS_SHRINKABLE, 4134 4135 .get_pages = i915_gem_object_get_pages_gtt, 4136 .put_pages = i915_gem_object_put_pages_gtt, 4137 4138 .pwrite = i915_gem_object_pwrite_gtt, 4139 }; 4140 4141 struct drm_i915_gem_object * 4142 i915_gem_object_create(struct drm_i915_private *dev_priv, u64 size) 4143 { 4144 struct drm_i915_gem_object *obj; 4145 struct address_space *mapping; 4146 gfp_t mask; 4147 int ret; 4148 4149 /* There is a prevalence of the assumption that we fit the object's 4150 * page count inside a 32bit _signed_ variable. Let's document this and 4151 * catch if we ever need to fix it. In the meantime, if you do spot 4152 * such a local variable, please consider fixing! 4153 */ 4154 if (WARN_ON(size >> PAGE_SHIFT > INT_MAX)) 4155 return ERR_PTR(-E2BIG); 4156 4157 if (overflows_type(size, obj->base.size)) 4158 return ERR_PTR(-E2BIG); 4159 4160 obj = i915_gem_object_alloc(dev_priv); 4161 if (obj == NULL) 4162 return ERR_PTR(-ENOMEM); 4163 4164 ret = drm_gem_object_init(&dev_priv->drm, &obj->base, size); 4165 if (ret) 4166 goto fail; 4167 4168 mask = GFP_HIGHUSER | __GFP_RECLAIMABLE; 4169 if (IS_I965GM(dev_priv) || IS_I965G(dev_priv)) { 4170 /* 965gm cannot relocate objects above 4GiB. */ 4171 mask &= ~__GFP_HIGHMEM; 4172 mask |= __GFP_DMA32; 4173 } 4174 4175 mapping = obj->base.filp->f_mapping; 4176 mapping_set_gfp_mask(mapping, mask); 4177 4178 i915_gem_object_init(obj, &i915_gem_object_ops); 4179 4180 obj->base.write_domain = I915_GEM_DOMAIN_CPU; 4181 obj->base.read_domains = I915_GEM_DOMAIN_CPU; 4182 4183 if (HAS_LLC(dev_priv)) { 4184 /* On some devices, we can have the GPU use the LLC (the CPU 4185 * cache) for about a 10% performance improvement 4186 * compared to uncached. Graphics requests other than 4187 * display scanout are coherent with the CPU in 4188 * accessing this cache. This means in this mode we 4189 * don't need to clflush on the CPU side, and on the 4190 * GPU side we only need to flush internal caches to 4191 * get data visible to the CPU. 4192 * 4193 * However, we maintain the display planes as UC, and so 4194 * need to rebind when first used as such. 4195 */ 4196 obj->cache_level = I915_CACHE_LLC; 4197 } else 4198 obj->cache_level = I915_CACHE_NONE; 4199 4200 trace_i915_gem_object_create(obj); 4201 4202 return obj; 4203 4204 fail: 4205 i915_gem_object_free(obj); 4206 return ERR_PTR(ret); 4207 } 4208 4209 static bool discard_backing_storage(struct drm_i915_gem_object *obj) 4210 { 4211 /* If we are the last user of the backing storage (be it shmemfs 4212 * pages or stolen etc), we know that the pages are going to be 4213 * immediately released. In this case, we can then skip copying 4214 * back the contents from the GPU. 4215 */ 4216 4217 if (obj->mm.madv != I915_MADV_WILLNEED) 4218 return false; 4219 4220 if (obj->base.filp == NULL) 4221 return true; 4222 4223 /* At first glance, this looks racy, but then again so would be 4224 * userspace racing mmap against close. However, the first external 4225 * reference to the filp can only be obtained through the 4226 * i915_gem_mmap_ioctl() which safeguards us against the user 4227 * acquiring such a reference whilst we are in the middle of 4228 * freeing the object. 4229 */ 4230 return atomic_long_read(&obj->base.filp->f_count) == 1; 4231 } 4232 4233 static void __i915_gem_free_objects(struct drm_i915_private *i915, 4234 struct llist_node *freed) 4235 { 4236 struct drm_i915_gem_object *obj, *on; 4237 4238 mutex_lock(&i915->drm.struct_mutex); 4239 intel_runtime_pm_get(i915); 4240 llist_for_each_entry(obj, freed, freed) { 4241 struct i915_vma *vma, *vn; 4242 4243 trace_i915_gem_object_destroy(obj); 4244 4245 GEM_BUG_ON(i915_gem_object_is_active(obj)); 4246 list_for_each_entry_safe(vma, vn, 4247 &obj->vma_list, obj_link) { 4248 GEM_BUG_ON(!i915_vma_is_ggtt(vma)); 4249 GEM_BUG_ON(i915_vma_is_active(vma)); 4250 vma->flags &= ~I915_VMA_PIN_MASK; 4251 i915_vma_close(vma); 4252 } 4253 GEM_BUG_ON(!list_empty(&obj->vma_list)); 4254 GEM_BUG_ON(!RB_EMPTY_ROOT(&obj->vma_tree)); 4255 4256 list_del(&obj->global_link); 4257 } 4258 intel_runtime_pm_put(i915); 4259 mutex_unlock(&i915->drm.struct_mutex); 4260 4261 llist_for_each_entry_safe(obj, on, freed, freed) { 4262 GEM_BUG_ON(obj->bind_count); 4263 GEM_BUG_ON(atomic_read(&obj->frontbuffer_bits)); 4264 4265 if (obj->ops->release) 4266 obj->ops->release(obj); 4267 4268 if (WARN_ON(i915_gem_object_has_pinned_pages(obj))) 4269 atomic_set(&obj->mm.pages_pin_count, 0); 4270 __i915_gem_object_put_pages(obj, I915_MM_NORMAL); 4271 GEM_BUG_ON(obj->mm.pages); 4272 4273 if (obj->base.import_attach) 4274 drm_prime_gem_destroy(&obj->base, NULL); 4275 4276 reservation_object_fini(&obj->__builtin_resv); 4277 drm_gem_object_release(&obj->base); 4278 i915_gem_info_remove_obj(i915, obj->base.size); 4279 4280 kfree(obj->bit_17); 4281 i915_gem_object_free(obj); 4282 } 4283 } 4284 4285 static void i915_gem_flush_free_objects(struct drm_i915_private *i915) 4286 { 4287 struct llist_node *freed; 4288 4289 freed = llist_del_all(&i915->mm.free_list); 4290 if (unlikely(freed)) 4291 __i915_gem_free_objects(i915, freed); 4292 } 4293 4294 static void __i915_gem_free_work(struct work_struct *work) 4295 { 4296 struct drm_i915_private *i915 = 4297 container_of(work, struct drm_i915_private, mm.free_work); 4298 struct llist_node *freed; 4299 4300 /* All file-owned VMA should have been released by this point through 4301 * i915_gem_close_object(), or earlier by i915_gem_context_close(). 4302 * However, the object may also be bound into the global GTT (e.g. 4303 * older GPUs without per-process support, or for direct access through 4304 * the GTT either for the user or for scanout). Those VMA still need to 4305 * unbound now. 4306 */ 4307 4308 while ((freed = llist_del_all(&i915->mm.free_list))) 4309 __i915_gem_free_objects(i915, freed); 4310 } 4311 4312 static void __i915_gem_free_object_rcu(struct rcu_head *head) 4313 { 4314 struct drm_i915_gem_object *obj = 4315 container_of(head, typeof(*obj), rcu); 4316 struct drm_i915_private *i915 = to_i915(obj->base.dev); 4317 4318 /* We can't simply use call_rcu() from i915_gem_free_object() 4319 * as we need to block whilst unbinding, and the call_rcu 4320 * task may be called from softirq context. So we take a 4321 * detour through a worker. 4322 */ 4323 if (llist_add(&obj->freed, &i915->mm.free_list)) 4324 schedule_work(&i915->mm.free_work); 4325 } 4326 4327 void i915_gem_free_object(struct drm_gem_object *gem_obj) 4328 { 4329 struct drm_i915_gem_object *obj = to_intel_bo(gem_obj); 4330 4331 if (obj->mm.quirked) 4332 __i915_gem_object_unpin_pages(obj); 4333 4334 if (discard_backing_storage(obj)) 4335 obj->mm.madv = I915_MADV_DONTNEED; 4336 4337 /* Before we free the object, make sure any pure RCU-only 4338 * read-side critical sections are complete, e.g. 4339 * i915_gem_busy_ioctl(). For the corresponding synchronized 4340 * lookup see i915_gem_object_lookup_rcu(). 4341 */ 4342 call_rcu(&obj->rcu, __i915_gem_free_object_rcu); 4343 } 4344 4345 void __i915_gem_object_release_unless_active(struct drm_i915_gem_object *obj) 4346 { 4347 lockdep_assert_held(&obj->base.dev->struct_mutex); 4348 4349 GEM_BUG_ON(i915_gem_object_has_active_reference(obj)); 4350 if (i915_gem_object_is_active(obj)) 4351 i915_gem_object_set_active_reference(obj); 4352 else 4353 i915_gem_object_put(obj); 4354 } 4355 4356 static void assert_kernel_context_is_current(struct drm_i915_private *dev_priv) 4357 { 4358 struct intel_engine_cs *engine; 4359 enum intel_engine_id id; 4360 4361 for_each_engine(engine, dev_priv, id) 4362 GEM_BUG_ON(engine->last_retired_context && 4363 !i915_gem_context_is_kernel(engine->last_retired_context)); 4364 } 4365 4366 void i915_gem_sanitize(struct drm_i915_private *i915) 4367 { 4368 /* 4369 * If we inherit context state from the BIOS or earlier occupants 4370 * of the GPU, the GPU may be in an inconsistent state when we 4371 * try to take over. The only way to remove the earlier state 4372 * is by resetting. However, resetting on earlier gen is tricky as 4373 * it may impact the display and we are uncertain about the stability 4374 * of the reset, so we only reset recent machines with logical 4375 * context support (that must be reset to remove any stray contexts). 4376 */ 4377 if (HAS_HW_CONTEXTS(i915)) { 4378 int reset = intel_gpu_reset(i915, ALL_ENGINES); 4379 WARN_ON(reset && reset != -ENODEV); 4380 } 4381 } 4382 4383 int i915_gem_suspend(struct drm_i915_private *dev_priv) 4384 { 4385 struct drm_device *dev = &dev_priv->drm; 4386 int ret; 4387 4388 intel_runtime_pm_get(dev_priv); 4389 intel_suspend_gt_powersave(dev_priv); 4390 4391 mutex_lock(&dev->struct_mutex); 4392 4393 /* We have to flush all the executing contexts to main memory so 4394 * that they can saved in the hibernation image. To ensure the last 4395 * context image is coherent, we have to switch away from it. That 4396 * leaves the dev_priv->kernel_context still active when 4397 * we actually suspend, and its image in memory may not match the GPU 4398 * state. Fortunately, the kernel_context is disposable and we do 4399 * not rely on its state. 4400 */ 4401 ret = i915_gem_switch_to_kernel_context(dev_priv); 4402 if (ret) 4403 goto err_unlock; 4404 4405 ret = i915_gem_wait_for_idle(dev_priv, 4406 I915_WAIT_INTERRUPTIBLE | 4407 I915_WAIT_LOCKED); 4408 if (ret) 4409 goto err_unlock; 4410 4411 i915_gem_retire_requests(dev_priv); 4412 GEM_BUG_ON(dev_priv->gt.active_requests); 4413 4414 assert_kernel_context_is_current(dev_priv); 4415 i915_gem_context_lost(dev_priv); 4416 mutex_unlock(&dev->struct_mutex); 4417 4418 cancel_delayed_work_sync(&dev_priv->gpu_error.hangcheck_work); 4419 cancel_delayed_work_sync(&dev_priv->gt.retire_work); 4420 4421 /* As the idle_work is rearming if it detects a race, play safe and 4422 * repeat the flush until it is definitely idle. 4423 */ 4424 while (flush_delayed_work(&dev_priv->gt.idle_work)) 4425 ; 4426 4427 i915_gem_drain_freed_objects(dev_priv); 4428 4429 /* Assert that we sucessfully flushed all the work and 4430 * reset the GPU back to its idle, low power state. 4431 */ 4432 WARN_ON(dev_priv->gt.awake); 4433 WARN_ON(!intel_engines_are_idle(dev_priv)); 4434 4435 /* 4436 * Neither the BIOS, ourselves or any other kernel 4437 * expects the system to be in execlists mode on startup, 4438 * so we need to reset the GPU back to legacy mode. And the only 4439 * known way to disable logical contexts is through a GPU reset. 4440 * 4441 * So in order to leave the system in a known default configuration, 4442 * always reset the GPU upon unload and suspend. Afterwards we then 4443 * clean up the GEM state tracking, flushing off the requests and 4444 * leaving the system in a known idle state. 4445 * 4446 * Note that is of the upmost importance that the GPU is idle and 4447 * all stray writes are flushed *before* we dismantle the backing 4448 * storage for the pinned objects. 4449 * 4450 * However, since we are uncertain that resetting the GPU on older 4451 * machines is a good idea, we don't - just in case it leaves the 4452 * machine in an unusable condition. 4453 */ 4454 i915_gem_sanitize(dev_priv); 4455 goto out_rpm_put; 4456 4457 err_unlock: 4458 mutex_unlock(&dev->struct_mutex); 4459 out_rpm_put: 4460 intel_runtime_pm_put(dev_priv); 4461 return ret; 4462 } 4463 4464 void i915_gem_resume(struct drm_i915_private *dev_priv) 4465 { 4466 struct drm_device *dev = &dev_priv->drm; 4467 4468 WARN_ON(dev_priv->gt.awake); 4469 4470 mutex_lock(&dev->struct_mutex); 4471 i915_gem_restore_gtt_mappings(dev_priv); 4472 4473 /* As we didn't flush the kernel context before suspend, we cannot 4474 * guarantee that the context image is complete. So let's just reset 4475 * it and start again. 4476 */ 4477 dev_priv->gt.resume(dev_priv); 4478 4479 mutex_unlock(&dev->struct_mutex); 4480 } 4481 4482 void i915_gem_init_swizzling(struct drm_i915_private *dev_priv) 4483 { 4484 if (INTEL_GEN(dev_priv) < 5 || 4485 dev_priv->mm.bit_6_swizzle_x == I915_BIT_6_SWIZZLE_NONE) 4486 return; 4487 4488 I915_WRITE(DISP_ARB_CTL, I915_READ(DISP_ARB_CTL) | 4489 DISP_TILE_SURFACE_SWIZZLING); 4490 4491 if (IS_GEN5(dev_priv)) 4492 return; 4493 4494 I915_WRITE(TILECTL, I915_READ(TILECTL) | TILECTL_SWZCTL); 4495 if (IS_GEN6(dev_priv)) 4496 I915_WRITE(ARB_MODE, _MASKED_BIT_ENABLE(ARB_MODE_SWIZZLE_SNB)); 4497 else if (IS_GEN7(dev_priv)) 4498 I915_WRITE(ARB_MODE, _MASKED_BIT_ENABLE(ARB_MODE_SWIZZLE_IVB)); 4499 else if (IS_GEN8(dev_priv)) 4500 I915_WRITE(GAMTARBMODE, _MASKED_BIT_ENABLE(ARB_MODE_SWIZZLE_BDW)); 4501 else 4502 BUG(); 4503 } 4504 4505 static void init_unused_ring(struct drm_i915_private *dev_priv, u32 base) 4506 { 4507 I915_WRITE(RING_CTL(base), 0); 4508 I915_WRITE(RING_HEAD(base), 0); 4509 I915_WRITE(RING_TAIL(base), 0); 4510 I915_WRITE(RING_START(base), 0); 4511 } 4512 4513 static void init_unused_rings(struct drm_i915_private *dev_priv) 4514 { 4515 if (IS_I830(dev_priv)) { 4516 init_unused_ring(dev_priv, PRB1_BASE); 4517 init_unused_ring(dev_priv, SRB0_BASE); 4518 init_unused_ring(dev_priv, SRB1_BASE); 4519 init_unused_ring(dev_priv, SRB2_BASE); 4520 init_unused_ring(dev_priv, SRB3_BASE); 4521 } else if (IS_GEN2(dev_priv)) { 4522 init_unused_ring(dev_priv, SRB0_BASE); 4523 init_unused_ring(dev_priv, SRB1_BASE); 4524 } else if (IS_GEN3(dev_priv)) { 4525 init_unused_ring(dev_priv, PRB1_BASE); 4526 init_unused_ring(dev_priv, PRB2_BASE); 4527 } 4528 } 4529 4530 static int __i915_gem_restart_engines(void *data) 4531 { 4532 struct drm_i915_private *i915 = data; 4533 struct intel_engine_cs *engine; 4534 enum intel_engine_id id; 4535 int err; 4536 4537 for_each_engine(engine, i915, id) { 4538 err = engine->init_hw(engine); 4539 if (err) 4540 return err; 4541 } 4542 4543 return 0; 4544 } 4545 4546 int i915_gem_init_hw(struct drm_i915_private *dev_priv) 4547 { 4548 int ret; 4549 4550 dev_priv->gt.last_init_time = ktime_get(); 4551 4552 /* Double layer security blanket, see i915_gem_init() */ 4553 intel_uncore_forcewake_get(dev_priv, FORCEWAKE_ALL); 4554 4555 if (HAS_EDRAM(dev_priv) && INTEL_GEN(dev_priv) < 9) 4556 I915_WRITE(HSW_IDICR, I915_READ(HSW_IDICR) | IDIHASHMSK(0xf)); 4557 4558 if (IS_HASWELL(dev_priv)) 4559 I915_WRITE(MI_PREDICATE_RESULT_2, IS_HSW_GT3(dev_priv) ? 4560 LOWER_SLICE_ENABLED : LOWER_SLICE_DISABLED); 4561 4562 if (HAS_PCH_NOP(dev_priv)) { 4563 if (IS_IVYBRIDGE(dev_priv)) { 4564 u32 temp = I915_READ(GEN7_MSG_CTL); 4565 temp &= ~(WAIT_FOR_PCH_FLR_ACK | WAIT_FOR_PCH_RESET_ACK); 4566 I915_WRITE(GEN7_MSG_CTL, temp); 4567 } else if (INTEL_GEN(dev_priv) >= 7) { 4568 u32 temp = I915_READ(HSW_NDE_RSTWRN_OPT); 4569 temp &= ~RESET_PCH_HANDSHAKE_ENABLE; 4570 I915_WRITE(HSW_NDE_RSTWRN_OPT, temp); 4571 } 4572 } 4573 4574 i915_gem_init_swizzling(dev_priv); 4575 4576 /* 4577 * At least 830 can leave some of the unused rings 4578 * "active" (ie. head != tail) after resume which 4579 * will prevent c3 entry. Makes sure all unused rings 4580 * are totally idle. 4581 */ 4582 init_unused_rings(dev_priv); 4583 4584 BUG_ON(!dev_priv->kernel_context); 4585 4586 ret = i915_ppgtt_init_hw(dev_priv); 4587 if (ret) { 4588 DRM_ERROR("PPGTT enable HW failed %d\n", ret); 4589 goto out; 4590 } 4591 4592 /* Need to do basic initialisation of all rings first: */ 4593 ret = __i915_gem_restart_engines(dev_priv); 4594 if (ret) 4595 goto out; 4596 4597 intel_mocs_init_l3cc_table(dev_priv); 4598 4599 /* We can't enable contexts until all firmware is loaded */ 4600 ret = intel_uc_init_hw(dev_priv); 4601 if (ret) 4602 goto out; 4603 4604 out: 4605 intel_uncore_forcewake_put(dev_priv, FORCEWAKE_ALL); 4606 return ret; 4607 } 4608 4609 bool intel_sanitize_semaphores(struct drm_i915_private *dev_priv, int value) 4610 { 4611 if (INTEL_INFO(dev_priv)->gen < 6) 4612 return false; 4613 4614 /* TODO: make semaphores and Execlists play nicely together */ 4615 if (i915.enable_execlists) 4616 return false; 4617 4618 if (value >= 0) 4619 return value; 4620 4621 #ifdef CONFIG_INTEL_IOMMU 4622 /* Enable semaphores on SNB when IO remapping is off */ 4623 if (INTEL_INFO(dev_priv)->gen == 6 && intel_iommu_gfx_mapped) 4624 return false; 4625 #endif 4626 4627 return true; 4628 } 4629 4630 int i915_gem_init(struct drm_i915_private *dev_priv) 4631 { 4632 int ret; 4633 4634 mutex_lock(&dev_priv->drm.struct_mutex); 4635 4636 i915_gem_clflush_init(dev_priv); 4637 4638 if (!i915.enable_execlists) { 4639 dev_priv->gt.resume = intel_legacy_submission_resume; 4640 dev_priv->gt.cleanup_engine = intel_engine_cleanup; 4641 } else { 4642 dev_priv->gt.resume = intel_lr_context_resume; 4643 dev_priv->gt.cleanup_engine = intel_logical_ring_cleanup; 4644 } 4645 4646 /* This is just a security blanket to placate dragons. 4647 * On some systems, we very sporadically observe that the first TLBs 4648 * used by the CS may be stale, despite us poking the TLB reset. If 4649 * we hold the forcewake during initialisation these problems 4650 * just magically go away. 4651 */ 4652 intel_uncore_forcewake_get(dev_priv, FORCEWAKE_ALL); 4653 4654 i915_gem_init_userptr(dev_priv); 4655 4656 ret = i915_gem_init_ggtt(dev_priv); 4657 if (ret) 4658 goto out_unlock; 4659 4660 ret = i915_gem_context_init(dev_priv); 4661 if (ret) 4662 goto out_unlock; 4663 4664 ret = intel_engines_init(dev_priv); 4665 if (ret) 4666 goto out_unlock; 4667 4668 ret = i915_gem_init_hw(dev_priv); 4669 if (ret == -EIO) { 4670 /* Allow engine initialisation to fail by marking the GPU as 4671 * wedged. But we only want to do this where the GPU is angry, 4672 * for all other failure, such as an allocation failure, bail. 4673 */ 4674 DRM_ERROR("Failed to initialize GPU, declaring it wedged\n"); 4675 i915_gem_set_wedged(dev_priv); 4676 ret = 0; 4677 } 4678 4679 out_unlock: 4680 intel_uncore_forcewake_put(dev_priv, FORCEWAKE_ALL); 4681 mutex_unlock(&dev_priv->drm.struct_mutex); 4682 4683 return ret; 4684 } 4685 4686 void i915_gem_init_mmio(struct drm_i915_private *i915) 4687 { 4688 i915_gem_sanitize(i915); 4689 } 4690 4691 void 4692 i915_gem_cleanup_engines(struct drm_i915_private *dev_priv) 4693 { 4694 struct intel_engine_cs *engine; 4695 enum intel_engine_id id; 4696 4697 for_each_engine(engine, dev_priv, id) 4698 dev_priv->gt.cleanup_engine(engine); 4699 } 4700 4701 void 4702 i915_gem_load_init_fences(struct drm_i915_private *dev_priv) 4703 { 4704 int i; 4705 4706 if (INTEL_INFO(dev_priv)->gen >= 7 && !IS_VALLEYVIEW(dev_priv) && 4707 !IS_CHERRYVIEW(dev_priv)) 4708 dev_priv->num_fence_regs = 32; 4709 else if (INTEL_INFO(dev_priv)->gen >= 4 || 4710 IS_I945G(dev_priv) || IS_I945GM(dev_priv) || 4711 IS_G33(dev_priv) || IS_PINEVIEW(dev_priv)) 4712 dev_priv->num_fence_regs = 16; 4713 else 4714 dev_priv->num_fence_regs = 8; 4715 4716 if (intel_vgpu_active(dev_priv)) 4717 dev_priv->num_fence_regs = 4718 I915_READ(vgtif_reg(avail_rs.fence_num)); 4719 4720 /* Initialize fence registers to zero */ 4721 for (i = 0; i < dev_priv->num_fence_regs; i++) { 4722 struct drm_i915_fence_reg *fence = &dev_priv->fence_regs[i]; 4723 4724 fence->i915 = dev_priv; 4725 fence->id = i; 4726 list_add_tail(&fence->link, &dev_priv->mm.fence_list); 4727 } 4728 i915_gem_restore_fences(dev_priv); 4729 4730 i915_gem_detect_bit_6_swizzle(dev_priv); 4731 } 4732 4733 int 4734 i915_gem_load_init(struct drm_i915_private *dev_priv) 4735 { 4736 int err = -ENOMEM; 4737 4738 dev_priv->objects = KMEM_CACHE(drm_i915_gem_object, SLAB_HWCACHE_ALIGN); 4739 if (!dev_priv->objects) 4740 goto err_out; 4741 4742 dev_priv->vmas = KMEM_CACHE(i915_vma, SLAB_HWCACHE_ALIGN); 4743 if (!dev_priv->vmas) 4744 goto err_objects; 4745 4746 dev_priv->requests = KMEM_CACHE(drm_i915_gem_request, 4747 SLAB_HWCACHE_ALIGN | 4748 SLAB_RECLAIM_ACCOUNT | 4749 SLAB_DESTROY_BY_RCU); 4750 if (!dev_priv->requests) 4751 goto err_vmas; 4752 4753 dev_priv->dependencies = KMEM_CACHE(i915_dependency, 4754 SLAB_HWCACHE_ALIGN | 4755 SLAB_RECLAIM_ACCOUNT); 4756 if (!dev_priv->dependencies) 4757 goto err_requests; 4758 4759 mutex_lock(&dev_priv->drm.struct_mutex); 4760 INIT_LIST_HEAD(&dev_priv->gt.timelines); 4761 err = i915_gem_timeline_init__global(dev_priv); 4762 mutex_unlock(&dev_priv->drm.struct_mutex); 4763 if (err) 4764 goto err_dependencies; 4765 4766 INIT_LIST_HEAD(&dev_priv->context_list); 4767 INIT_WORK(&dev_priv->mm.free_work, __i915_gem_free_work); 4768 init_llist_head(&dev_priv->mm.free_list); 4769 INIT_LIST_HEAD(&dev_priv->mm.unbound_list); 4770 INIT_LIST_HEAD(&dev_priv->mm.bound_list); 4771 INIT_LIST_HEAD(&dev_priv->mm.fence_list); 4772 INIT_LIST_HEAD(&dev_priv->mm.userfault_list); 4773 INIT_DELAYED_WORK(&dev_priv->gt.retire_work, 4774 i915_gem_retire_work_handler); 4775 INIT_DELAYED_WORK(&dev_priv->gt.idle_work, 4776 i915_gem_idle_work_handler); 4777 init_waitqueue_head(&dev_priv->gpu_error.wait_queue); 4778 init_waitqueue_head(&dev_priv->gpu_error.reset_queue); 4779 4780 init_waitqueue_head(&dev_priv->pending_flip_queue); 4781 4782 dev_priv->mm.interruptible = true; 4783 4784 atomic_set(&dev_priv->mm.bsd_engine_dispatch_index, 0); 4785 4786 spin_lock_init(&dev_priv->fb_tracking.lock); 4787 4788 return 0; 4789 4790 err_dependencies: 4791 kmem_cache_destroy(dev_priv->dependencies); 4792 err_requests: 4793 kmem_cache_destroy(dev_priv->requests); 4794 err_vmas: 4795 kmem_cache_destroy(dev_priv->vmas); 4796 err_objects: 4797 kmem_cache_destroy(dev_priv->objects); 4798 err_out: 4799 return err; 4800 } 4801 4802 void i915_gem_load_cleanup(struct drm_i915_private *dev_priv) 4803 { 4804 i915_gem_drain_freed_objects(dev_priv); 4805 WARN_ON(!llist_empty(&dev_priv->mm.free_list)); 4806 WARN_ON(dev_priv->mm.object_count); 4807 4808 mutex_lock(&dev_priv->drm.struct_mutex); 4809 i915_gem_timeline_fini(&dev_priv->gt.global_timeline); 4810 WARN_ON(!list_empty(&dev_priv->gt.timelines)); 4811 mutex_unlock(&dev_priv->drm.struct_mutex); 4812 4813 kmem_cache_destroy(dev_priv->dependencies); 4814 kmem_cache_destroy(dev_priv->requests); 4815 kmem_cache_destroy(dev_priv->vmas); 4816 kmem_cache_destroy(dev_priv->objects); 4817 4818 /* And ensure that our DESTROY_BY_RCU slabs are truly destroyed */ 4819 rcu_barrier(); 4820 } 4821 4822 int i915_gem_freeze(struct drm_i915_private *dev_priv) 4823 { 4824 mutex_lock(&dev_priv->drm.struct_mutex); 4825 i915_gem_shrink_all(dev_priv); 4826 mutex_unlock(&dev_priv->drm.struct_mutex); 4827 4828 return 0; 4829 } 4830 4831 int i915_gem_freeze_late(struct drm_i915_private *dev_priv) 4832 { 4833 struct drm_i915_gem_object *obj; 4834 struct list_head *phases[] = { 4835 &dev_priv->mm.unbound_list, 4836 &dev_priv->mm.bound_list, 4837 NULL 4838 }, **p; 4839 4840 /* Called just before we write the hibernation image. 4841 * 4842 * We need to update the domain tracking to reflect that the CPU 4843 * will be accessing all the pages to create and restore from the 4844 * hibernation, and so upon restoration those pages will be in the 4845 * CPU domain. 4846 * 4847 * To make sure the hibernation image contains the latest state, 4848 * we update that state just before writing out the image. 4849 * 4850 * To try and reduce the hibernation image, we manually shrink 4851 * the objects as well. 4852 */ 4853 4854 mutex_lock(&dev_priv->drm.struct_mutex); 4855 i915_gem_shrink(dev_priv, -1UL, I915_SHRINK_UNBOUND); 4856 4857 for (p = phases; *p; p++) { 4858 list_for_each_entry(obj, *p, global_link) { 4859 obj->base.read_domains = I915_GEM_DOMAIN_CPU; 4860 obj->base.write_domain = I915_GEM_DOMAIN_CPU; 4861 } 4862 } 4863 mutex_unlock(&dev_priv->drm.struct_mutex); 4864 4865 return 0; 4866 } 4867 4868 void i915_gem_release(struct drm_device *dev, struct drm_file *file) 4869 { 4870 struct drm_i915_file_private *file_priv = file->driver_priv; 4871 struct drm_i915_gem_request *request; 4872 4873 /* Clean up our request list when the client is going away, so that 4874 * later retire_requests won't dereference our soon-to-be-gone 4875 * file_priv. 4876 */ 4877 spin_lock(&file_priv->mm.lock); 4878 list_for_each_entry(request, &file_priv->mm.request_list, client_link) 4879 request->file_priv = NULL; 4880 spin_unlock(&file_priv->mm.lock); 4881 4882 if (!list_empty(&file_priv->rps.link)) { 4883 spin_lock(&to_i915(dev)->rps.client_lock); 4884 list_del(&file_priv->rps.link); 4885 spin_unlock(&to_i915(dev)->rps.client_lock); 4886 } 4887 } 4888 4889 int i915_gem_open(struct drm_device *dev, struct drm_file *file) 4890 { 4891 struct drm_i915_file_private *file_priv; 4892 int ret; 4893 4894 DRM_DEBUG("\n"); 4895 4896 file_priv = kzalloc(sizeof(*file_priv), GFP_KERNEL); 4897 if (!file_priv) 4898 return -ENOMEM; 4899 4900 file->driver_priv = file_priv; 4901 file_priv->dev_priv = to_i915(dev); 4902 file_priv->file = file; 4903 INIT_LIST_HEAD(&file_priv->rps.link); 4904 4905 spin_lock_init(&file_priv->mm.lock); 4906 INIT_LIST_HEAD(&file_priv->mm.request_list); 4907 4908 file_priv->bsd_engine = -1; 4909 4910 ret = i915_gem_context_open(dev, file); 4911 if (ret) 4912 kfree(file_priv); 4913 4914 return ret; 4915 } 4916 4917 /** 4918 * i915_gem_track_fb - update frontbuffer tracking 4919 * @old: current GEM buffer for the frontbuffer slots 4920 * @new: new GEM buffer for the frontbuffer slots 4921 * @frontbuffer_bits: bitmask of frontbuffer slots 4922 * 4923 * This updates the frontbuffer tracking bits @frontbuffer_bits by clearing them 4924 * from @old and setting them in @new. Both @old and @new can be NULL. 4925 */ 4926 void i915_gem_track_fb(struct drm_i915_gem_object *old, 4927 struct drm_i915_gem_object *new, 4928 unsigned frontbuffer_bits) 4929 { 4930 /* Control of individual bits within the mask are guarded by 4931 * the owning plane->mutex, i.e. we can never see concurrent 4932 * manipulation of individual bits. But since the bitfield as a whole 4933 * is updated using RMW, we need to use atomics in order to update 4934 * the bits. 4935 */ 4936 BUILD_BUG_ON(INTEL_FRONTBUFFER_BITS_PER_PIPE * I915_MAX_PIPES > 4937 sizeof(atomic_t) * BITS_PER_BYTE); 4938 4939 if (old) { 4940 WARN_ON(!(atomic_read(&old->frontbuffer_bits) & frontbuffer_bits)); 4941 atomic_andnot(frontbuffer_bits, &old->frontbuffer_bits); 4942 } 4943 4944 if (new) { 4945 WARN_ON(atomic_read(&new->frontbuffer_bits) & frontbuffer_bits); 4946 atomic_or(frontbuffer_bits, &new->frontbuffer_bits); 4947 } 4948 } 4949 4950 /* Allocate a new GEM object and fill it with the supplied data */ 4951 struct drm_i915_gem_object * 4952 i915_gem_object_create_from_data(struct drm_i915_private *dev_priv, 4953 const void *data, size_t size) 4954 { 4955 struct drm_i915_gem_object *obj; 4956 struct file *file; 4957 size_t offset; 4958 int err; 4959 4960 obj = i915_gem_object_create(dev_priv, round_up(size, PAGE_SIZE)); 4961 if (IS_ERR(obj)) 4962 return obj; 4963 4964 GEM_BUG_ON(obj->base.write_domain != I915_GEM_DOMAIN_CPU); 4965 4966 file = obj->base.filp; 4967 offset = 0; 4968 do { 4969 unsigned int len = min_t(typeof(size), size, PAGE_SIZE); 4970 struct page *page; 4971 void *pgdata, *vaddr; 4972 4973 err = pagecache_write_begin(file, file->f_mapping, 4974 offset, len, 0, 4975 &page, &pgdata); 4976 if (err < 0) 4977 goto fail; 4978 4979 vaddr = kmap(page); 4980 memcpy(vaddr, data, len); 4981 kunmap(page); 4982 4983 err = pagecache_write_end(file, file->f_mapping, 4984 offset, len, len, 4985 page, pgdata); 4986 if (err < 0) 4987 goto fail; 4988 4989 size -= len; 4990 data += len; 4991 offset += len; 4992 } while (size); 4993 4994 return obj; 4995 4996 fail: 4997 i915_gem_object_put(obj); 4998 return ERR_PTR(err); 4999 } 5000 5001 struct scatterlist * 5002 i915_gem_object_get_sg(struct drm_i915_gem_object *obj, 5003 unsigned int n, 5004 unsigned int *offset) 5005 { 5006 struct i915_gem_object_page_iter *iter = &obj->mm.get_page; 5007 struct scatterlist *sg; 5008 unsigned int idx, count; 5009 5010 might_sleep(); 5011 GEM_BUG_ON(n >= obj->base.size >> PAGE_SHIFT); 5012 GEM_BUG_ON(!i915_gem_object_has_pinned_pages(obj)); 5013 5014 /* As we iterate forward through the sg, we record each entry in a 5015 * radixtree for quick repeated (backwards) lookups. If we have seen 5016 * this index previously, we will have an entry for it. 5017 * 5018 * Initial lookup is O(N), but this is amortized to O(1) for 5019 * sequential page access (where each new request is consecutive 5020 * to the previous one). Repeated lookups are O(lg(obj->base.size)), 5021 * i.e. O(1) with a large constant! 5022 */ 5023 if (n < READ_ONCE(iter->sg_idx)) 5024 goto lookup; 5025 5026 mutex_lock(&iter->lock); 5027 5028 /* We prefer to reuse the last sg so that repeated lookup of this 5029 * (or the subsequent) sg are fast - comparing against the last 5030 * sg is faster than going through the radixtree. 5031 */ 5032 5033 sg = iter->sg_pos; 5034 idx = iter->sg_idx; 5035 count = __sg_page_count(sg); 5036 5037 while (idx + count <= n) { 5038 unsigned long exception, i; 5039 int ret; 5040 5041 /* If we cannot allocate and insert this entry, or the 5042 * individual pages from this range, cancel updating the 5043 * sg_idx so that on this lookup we are forced to linearly 5044 * scan onwards, but on future lookups we will try the 5045 * insertion again (in which case we need to be careful of 5046 * the error return reporting that we have already inserted 5047 * this index). 5048 */ 5049 ret = radix_tree_insert(&iter->radix, idx, sg); 5050 if (ret && ret != -EEXIST) 5051 goto scan; 5052 5053 exception = 5054 RADIX_TREE_EXCEPTIONAL_ENTRY | 5055 idx << RADIX_TREE_EXCEPTIONAL_SHIFT; 5056 for (i = 1; i < count; i++) { 5057 ret = radix_tree_insert(&iter->radix, idx + i, 5058 (void *)exception); 5059 if (ret && ret != -EEXIST) 5060 goto scan; 5061 } 5062 5063 idx += count; 5064 sg = ____sg_next(sg); 5065 count = __sg_page_count(sg); 5066 } 5067 5068 scan: 5069 iter->sg_pos = sg; 5070 iter->sg_idx = idx; 5071 5072 mutex_unlock(&iter->lock); 5073 5074 if (unlikely(n < idx)) /* insertion completed by another thread */ 5075 goto lookup; 5076 5077 /* In case we failed to insert the entry into the radixtree, we need 5078 * to look beyond the current sg. 5079 */ 5080 while (idx + count <= n) { 5081 idx += count; 5082 sg = ____sg_next(sg); 5083 count = __sg_page_count(sg); 5084 } 5085 5086 *offset = n - idx; 5087 return sg; 5088 5089 lookup: 5090 rcu_read_lock(); 5091 5092 sg = radix_tree_lookup(&iter->radix, n); 5093 GEM_BUG_ON(!sg); 5094 5095 /* If this index is in the middle of multi-page sg entry, 5096 * the radixtree will contain an exceptional entry that points 5097 * to the start of that range. We will return the pointer to 5098 * the base page and the offset of this page within the 5099 * sg entry's range. 5100 */ 5101 *offset = 0; 5102 if (unlikely(radix_tree_exception(sg))) { 5103 unsigned long base = 5104 (unsigned long)sg >> RADIX_TREE_EXCEPTIONAL_SHIFT; 5105 5106 sg = radix_tree_lookup(&iter->radix, base); 5107 GEM_BUG_ON(!sg); 5108 5109 *offset = n - base; 5110 } 5111 5112 rcu_read_unlock(); 5113 5114 return sg; 5115 } 5116 5117 struct page * 5118 i915_gem_object_get_page(struct drm_i915_gem_object *obj, unsigned int n) 5119 { 5120 struct scatterlist *sg; 5121 unsigned int offset; 5122 5123 GEM_BUG_ON(!i915_gem_object_has_struct_page(obj)); 5124 5125 sg = i915_gem_object_get_sg(obj, n, &offset); 5126 return nth_page(sg_page(sg), offset); 5127 } 5128 5129 /* Like i915_gem_object_get_page(), but mark the returned page dirty */ 5130 struct page * 5131 i915_gem_object_get_dirty_page(struct drm_i915_gem_object *obj, 5132 unsigned int n) 5133 { 5134 struct page *page; 5135 5136 page = i915_gem_object_get_page(obj, n); 5137 if (!obj->mm.dirty) 5138 set_page_dirty(page); 5139 5140 return page; 5141 } 5142 5143 dma_addr_t 5144 i915_gem_object_get_dma_address(struct drm_i915_gem_object *obj, 5145 unsigned long n) 5146 { 5147 struct scatterlist *sg; 5148 unsigned int offset; 5149 5150 sg = i915_gem_object_get_sg(obj, n, &offset); 5151 return sg_dma_address(sg) + (offset << PAGE_SHIFT); 5152 } 5153 5154 #if IS_ENABLED(CONFIG_DRM_I915_SELFTEST) 5155 #include "selftests/scatterlist.c" 5156 #include "selftests/mock_gem_device.c" 5157 #include "selftests/huge_gem_object.c" 5158 #include "selftests/i915_gem_object.c" 5159 #include "selftests/i915_gem_coherency.c" 5160 #endif 5161